Sun Jul 23, 2017 8:12 pm
Well, even with RouterOS as it is now, the firewall rules are 100% the responsibility of the admin.
There is nothing inside RouterOS that will protect you from doing dumb things, and no fixed firewall rules except those stupid "rules for fasttrack counting".
There are no settings like in other routers, e.g. "prevent admin from internet side" or "prevent admin from WiFi network" with a checkmark somewhere, that would generate the proper rule.
So that is not the problem.
The problem is that you would be able to set all networking parameters and do all kinds of other things, including running local services that could use a lot of CPU or disk resources, replace functionality normally provided by RouterOS (e.g. a DHCP server, an OpenVPN service), etc. Then, when there are problems, support would have to investigate your particular installation and check that all the changes you made do not contribute to the problem you report.