/ip firewall filter
add action=accept chain=forward comment="WA Accept" dst-address-list=WHATSAPP-CIDR
add action=drop chain=forward comment="Else Drop" dst-address-list=!WHATSAPP-CIDR
This make all connection LAN and WIFI have same rule, even if they are in separate network.
My comment there for Thread Starter case with hotspot. So if ur target only for WIFI user, u can make address list for WIFI Network user first.
Example WIFI Network is 172.16.00.0/24 (I assume ur LAN have different network) so
/ip firewall address-list add address=172.16.0.0/24 list=WIFIUSER
Remember to change that segment IP with ur actual wifi network IP, which u want only access whatsapp.
Then change that quoted firewall with
/ip firewall filter
add action=accept chain=forward comment="WA Accept" dst-address-list=WHATSAPP-CIDR src-address-list=WIFIUSER
add action=drop chain=forward comment="Else Drop" dst-address-list=!WHATSAPP-CIDR src-address-list=WIFIUSER
Then additional I assume ur network using Private IP in RFC 1918, so then I think u need to catch content from whatsapp.net and whatsapp.com
Try this :
* Make address list that contain private IP (RFC1918), named like example LOCAL-IP
/ip firewall address-list
add address=0.0.0.0/8 list=LOCAL-IP
add address=10.0.0.0/8 list=LOCAL-IP
add address=100.64.0.0/10 list=LOCAL-IP
add address=127.0.0.0/8 list=LOCAL-IP
add address=169.254.0.0/16 list=LOCAL-IP
add address=172.16.0.0/12 list=LOCAL-IP
add address=192.0.0.0/24 list=LOCAL-IP
add address=192.0.2.0/24 list=LOCAL-IP
add address=192.168.0.0/16 list=LOCAL-IP
add address=198.18.0.0/15 list=LOCAL-IP
add address=198.51.100.0/24 list=LOCAL-IP
add address=203.0.113.0/24 list=LOCAL-IP
add address=224.0.0.0/4 list=LOCAL-IP
add address=240.0.0.0/4 list=LOCAL-IP
* Then catch the additional IP, add to WHATSAPP-CIDR
/ip firewall raw
add action=add-dst-to-address-list address-list=WHATSAPP-CIDR address-list-timeout=none-dynamic chain=prerouting comment="Catch Whatsapp IP" content=.whatsapp.net dst-address-list=!LOCAL-IP src-address-list=LOCAL-IP
add action=add-dst-to-address-list address-list=WHATSAPP-CIDR address-list-timeout=none-dynamic chain=prerouting comment="Catch Whatsapp IP" content=.whatsapp.com dst-address-list=!LOCAL-IP src-address-list=LOCAL-IP
CMIIW, sorry for my noobness.