To hide your MikroTik from the Winbox neighbor scan list, and to limit Winbox access to a specific IP address or admin PC only,
use the following.
To disable Winbox access by MAC address, you have to disable the MAC server on the NIC.
Go to Tools -> MAC Server
Click on the WinBox Interfaces Tab
By default this is set to all
You can add specific interfaces, and disable the all entry
Or, using the CLI, use the following commands:
/tool mac-server
add disabled=yes interface=all
/tool mac-server ping
set enabled=no
Or disable MAC discovery for all interfaces by using the following:
/ip firewall filter
add action=drop chain=input comment="Block mikrotik discovery/zaib" disabled=no dst-port=5678 protocol=udp
add action=drop chain=input comment="DROP ALL WINBOX REQUEST By MAC Address" disabled=no dst-port=20561 protocol=udp
add action=drop chain=input comment="DROP ALL WINBOX REQUEST EXCEPT FROM MY PC" disabled=no dst-port=8291 protocol=tcp src-address=!192.168.2.6
The above rules will disable MikroTik discovery via Winbox, and will allow only 192.168.2.6 to access the MikroTik via Winbox. Make sure to change this IP address to match your management PC's IP.
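As an added illustration (not part of the original post, and Python rather than RouterOS code), the following models first-match evaluation of the input chain for the three rules above, so you can check which sources reach TCP 8291 and what happens when a broader accept rule sits above the drops. It handles only the matchers these rules use; the `SHADOWED` rule set and the test addresses are constructed.

```python
import ipaddress
import shlex

# The three filter rules from the post, one "add" line each (comment= text omitted).
PAGE_RULES = [
    'add action=drop chain=input disabled=no dst-port=5678 protocol=udp',
    'add action=drop chain=input disabled=no dst-port=20561 protocol=udp',
    'add action=drop chain=input disabled=no dst-port=8291 protocol=tcp '
    'src-address=!192.168.2.6',
]

def parse_rule(line):
    """Turn one 'add key=value ...' line into a dict of matchers."""
    return dict(tok.split("=", 1) for tok in shlex.split(line)[1:])

def src_matches(spec, src):
    """Match src against 'a.b.c.d', 'a.b.c.d/nn' or the negated '!...' form."""
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("!"), strict=False)
    return (ipaddress.ip_address(src) in net) != negate

def verdict(rule_lines, src, protocol, dst_port, chain="input"):
    """Return the action of the first matching rule; accept if none match."""
    for line in rule_lines:
        r = parse_rule(line)
        if r.get("disabled") == "yes" or r.get("chain") != chain:
            continue
        if "protocol" in r and r["protocol"] != protocol:
            continue
        if "dst-port" in r and r["dst-port"] != str(dst_port):
            continue
        if "src-address" in r and not src_matches(r["src-address"], src):
            continue
        return r["action"]
    return "accept"

# Constructed misordering: a broad LAN accept placed above the post's rules.
SHADOWED = ['add action=accept chain=input src-address=192.168.2.0/24'] + PAGE_RULES

if __name__ == "__main__":
    for name, rules in (("page order", PAGE_RULES), ("accept first", SHADOWED)):
        for src in ("192.168.2.6", "192.168.2.50"):
            print(name, src, "tcp/8291 ->", verdict(rules, src, "tcp", 8291))
        print(name, "192.168.2.50 udp/5678 ->",
              verdict(rules, "192.168.2.50", "udp", 5678))
```

With the post's order, only 192.168.2.6 is accepted on TCP 8291; with the accept rule first, every LAN host is accepted and the drop rules are never reached.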
You can also disable Network Neighbor Discovery on the interface to which your network users are connected
Example:
/ip neighbor discovery set ether1 discover=no
TIP:
I recommend blocking all unnecessary services like www, ftp and ssh. Also change the default Winbox port via IP > Services to make the MikroTik more secure, and allow only specific IP addresses to connect to the MikroTik via Winbox.
Regards
SYED JAHANZAIB
Great………..
Comment by Shahan Ali — December 10, 2011 @ 11:04 PM
Working fine.
Can you please tell me how to configure The Dude step by step?
Please post dude configuration through winbox and also on dude?
Plsssssssssssssssssssss…
Comment by Ravi — December 13, 2011 @ 8:55 AM
Okay I will.
Comment by Pinochio~:) — December 13, 2011 @ 10:54 AM
If I want to allow more IPs to access MT via Winbox, then what are the steps?
Comment by Muhammad Abdullah Butt — March 27, 2012 @ 5:50 PM
Create an ADDRESS LIST in FIREWALL > Address LIST, [Add all your IPs]
then allow this list, instead of IP’s in Filter Rule > ADVANCED > SRC. ADDRESS LIST
Regards
Comment by Syed Jahanzaib / Pinochio~:) — March 27, 2012 @ 10:27 PM
Asalam O Aalikum
Skype is having problems on the MikroTik; it disconnects after 5 minutes. Sir, please suggest a solution.
Comment by Arsalan — May 25, 2012 @ 2:34 AM
Are you using PCC?
Comment by Syed Jahanzaib / Pinochio~:) — May 25, 2012 @ 8:44 AM
Asalam O Aalikum
How can I block the backup button in file list and terminal?
Comment by shahzad — August 19, 2012 @ 3:38 PM
Sir, I set up a hotspot server after the load balancing and it is giving problems; there is also an issue with Yahoo, it gets disconnected.
Comment by Arsalan Malick — August 21, 2012 @ 3:20 AM
Assalamualaikum. I read your blogs since recent days. I think you can help me. I'm now expert using Linux. Just control my router RB450G using Winbox. Please help me. How to load balance 3 WAN using Winbox? And also pass data automatically through other ether(s) when one or two links are down.
Best regards
Md. Nur Eshaan
Comment by Eshaan Nur — October 1, 2012 @ 12:06 AM
Asalaam o Alaikum Sir. I have blocked Winbox discovery, but after quite a while it shows up in Winbox again. Why? Please tell me, thanks.
Comment by waqas — October 8, 2012 @ 5:02 PM
There must be some rules ordering issue. Check all rules.
Comment by Syed Jahanzaib / Pinochio~:) — October 9, 2012 @ 4:32 PM
thanks sir
Comment by waqas — October 11, 2012 @ 2:52 PM
Sir, load balancing and hotspot do not work properly together on the MikroTik. Please help me, the load balancing does not work correctly.
Comment by M.Tahir Shafiq — November 9, 2012 @ 11:41 PM
Try this
Comment by Syed Jahanzaib / Pinochio~:) — November 12, 2012 @ 10:30 AM
Sir, I have copied and pasted these rules:
/tool mac-server
add disabled=yes interface=all
/tool mac-server ping
set enabled=no
/ip firewall filter
add action=drop chain=input comment="block mikrotik discovery" disabled=no dst-port=5678 protocol=udp
add action=drop chain=input comment="DROP ALL WINBOX REQUEST By MAC Address" disabled=no dst-port=20561 protocol=udp
add action=drop chain=input comment="DROP ALL WINBOX REQUEST EXCEPT FROM MY PC" disabled=no dst-port=8291 protocol=tcp src-address=!192.168.2.6
What is the benefit of this? Do you mean that only the IP we add will be able to reach and use the MikroTik?
Comment by rizwan ahmed — December 22, 2012 @ 12:28 AM
The benefit of using the above rules is that they will block auto discovery of the MikroTik via Winbox, so no one on your LAN will know that you are running MikroTik. Also, it will allow only a single IP of your choice to connect to the MikroTik via Winbox for management purposes.
Comment by Syed Jahanzaib / Pinochio~:) — January 13, 2013 @ 9:41 PM
you are great…..amazing you are …
Honestly, what can I say, I have learned all of MikroTik from you. Mashallah, may Allah grant you more success and protect you from the evil eye.
Comment by Rana Usman — January 13, 2013 @ 7:27 PM
Hi
Please, how do I block the IP address of a client on a MikroTik brass using Winbox? Or in short, block a p2p customer from the internet. I am a network admin but a newbie in MikroTik routers.
Thanks
Comment by NYANGANG — January 18, 2013 @ 4:49 PM
Please rephrase your query again.
Comment by Syed Jahanzaib / Pinochio~:) — January 19, 2013 @ 11:22 AM
thanks
Comment by Choirul Dimyati — June 23, 2013 @ 7:54 PM
Assalam O Alaikum Zaib, I have a very important request. You explained how to disable Winbox discovery, but even after applying this, it still shows up for every client on the LAN. I put Winbox on several clients' machines and it is exactly as it was before; this had no effect. What I actually want is that my MikroTik does not show up in the Winbox scan on the client side. Please, a video tutorial would have made this work better. I have applied this 8 to 10 times graphically and via the CLI as well, but it is not working. Please explain it step by step through a video or GUI screenshots, that would be better guidance. Please do read this and reply soon. Assalam O Alaikum
Comment by Mubeen Ahmed — August 26, 2013 @ 2:27 PM
Blocking the MAC and IP discovery in Winbox is working, thanks.
Comment by balakumar.m — September 2, 2013 @ 4:54 PM
Assalam O Aaalikum
On the MikroTik I want to give a user access to SMTP (Outlook) only, with no other Internet browsing. If there is a solution, please tell me.
Comment by asim — April 23, 2014 @ 1:35 PM
thanks….
Comment by jusak — October 24, 2014 @ 8:51 AM
Hello, I have a question. I have a network with hotspots, but when my users connect and go to Windows -> LAN, they are viewing other users' PCs.
How can I make it so that the users cannot see each other in my network?
Comment by antonio — September 19, 2016 @ 5:35 PM
Sir, when I open the Ubiquiti device connected on the WAN through Winbox from the LAN (i.e. client) side, it used to open before but now it does not open. Is there some settings issue?
Comment by adnanrajpoot (@Engadnanrajput) — April 22, 2018 @ 12:09 PM
I did something recently on my MikroTik running RouterOS 6.43.2 that prevents it from being discovered by Winbox. I checked settings under /tools mac-server but they are all set to “all”. Can an “input” rule prevent Winbox discover…but I haven’t changed any input rules recently. Other MikroTiks on my network do show up when I look at “Neighbors” tab in Winbox. Any suggestions on where else I should look?
Comment by Don Ramm — February 10, 2019 @ 9:12 PM
I found another item that told me to look under IP – Neighbors – Discovery Settings. Under “Discovery Settings” “Interface” was set to “discover”. I looked at another MikroTik and “Interface” was set to “! dynamic” (all except “dynamic”). Set my hidden MikroTik to that and now it shows up in “Neighbors” tab of Winbox. I played around with the settings under “Discovery Settings” and I do not understand what they mean. (I set “Interface” to “LAN” and MikroTik does not show up in Winbox. I change it to “! LAN” (anything but LAN) and it does.) Well, I am able to see it in Winbox now. I left “Interface” set to “! dynamic” which I assume is the default setting.
Comment by Don Ramm — February 10, 2019 @ 9:27 PM