I noticed that I am able to connect to Mikrotik hAP AC2 via winbox when using local link connection on Linux despite setting user address, winbox address and mac-winbox for a specific interface. In particular, I set:
/user set [/user find where name="username"] address=192.168.0.0/24
/ip service set winbox address=192.168.0.0/24
/ip neighbor discovery-settings set discover-interface-list=MGMT
/tool mac-server set allowed-interface-list=MGMT
/tool mac-server mac-winbox set allowed-interface-list=MGMT
I thought that with these settings I will be able to access the server only when I am connected to MGMT network. This is also how it used to work in ROS 7.1.3. However, to my surprise, using local connection on ROS 7.1.5 I can discover neighbour MAC address on Mikrotik as well as access the server using winbox. Is this a bug or has something changed in the meantime? How can I prevent local link connections from accessing the device?