pmfarmwald
just joined
Topic Author
Posts: 3
Joined: Sun Oct 11, 2015 11:00 pm

Blocking DHCP with bridge firewall

Sun Oct 11, 2015 11:10 pm

On the wiki, there are instructions for blocking DHCP with a bridge firewall. Unfortunately it seems to be out of date.
It uses the "input" chain, where the correct chain seems to be "filter".

Corrected:

/interface bridge filter
add action=log chain=filter comment="Block DHCP servers on 192.168.0.0/16" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\
"ALERT ROGUE DHCP (BLOCKED)" mac-protocol=ip src-address=192.168.0.0/16 \
src-port=67-68
add action=drop chain=filter comment="Block DHCP servers on 192.168.0.0/16" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=\
ip src-address=192.168.0.0/16 src-port=67-68

Even simpler (all I wanted to do was block all DHCP requests through the bridge):
/interface bridge filter
add action=log chain=filter comment="Block DHCP traffic" \
disabled=no ip-protocol=udp mac-protocol=ip src-port=67-68

Remember to turn on "use-ip-firewall=yes".

I can't figure out how to get registered on the wiki, so I'm posting it here, hoping someone will fix it and save others much wasted time.
 
lil0
just joined
Posts: 7
Joined: Fri Mar 28, 2014 6:54 pm
Location: BG

Re: Blocking DHCP with bridge firewall

Mon Nov 26, 2018 11:29 am

My corrections that work for me:

/interface bridge filter
add action=log chain=input comment="Block DHCP" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp log-prefix=\
"ALERT ROGUE DHCP (BLOCKED)" mac-protocol=ip src-port=67-68
add action=drop chain=input in-interface=ether2 comment="Block DHCP" \
disabled=no dst-address=255.255.255.255/32 ip-protocol=udp mac-protocol=ip src-port=67-68

out-interface does not work in chain=forward.

When an interface is set, DHCP can only be blocked on that one; all other interfaces still have DHCP.
 
freemannnn
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: Blocking DHCP with bridge firewall

Mon Nov 26, 2018 11:32 am

ROS 6.43 and later support DHCP Option 82 / DHCP snooping.
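
An added example, not part of any post in this thread: a simplified Python model of the match fields in the rules posted above, run over constructed sample packets to show which DHCP traffic each rule covers. The `Rule` class, the packet values and the `ether3` port are assumptions for illustration; it models only address, source-port and ingress-port matching, not RouterOS itself.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    """Simplified model of the match fields used in the thread's rules."""
    name: str
    src_net: str = "0.0.0.0/0"   # src-address omitted = any source
    dst_net: str = "0.0.0.0/0"   # dst-address omitted = any destination
    sports: tuple = (67, 68)     # src-port=67-68
    in_if: Optional[str] = None  # in-interface omitted = any port

    def matches(self, pkt):
        src, sport, dst, in_if = pkt
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net)
                and self.sports[0] <= sport <= self.sports[1]
                and self.in_if in (None, in_if))

BCAST = "255.255.255.255/32"
RULES = [
    Rule("first post, 192.168.0.0/16", src_net="192.168.0.0/16", dst_net=BCAST),
    Rule("first post, simple"),
    Rule("second post, ether2", dst_net=BCAST, in_if="ether2"),
]

# Constructed sample packets: (src, src-port, dst, ingress port)
PACKETS = {
    "client DISCOVER": ("0.0.0.0", 68, "255.255.255.255", "ether2"),
    "server OFFER, broadcast": ("192.168.1.1", 67, "255.255.255.255", "ether2"),
    "server OFFER, unicast": ("192.168.1.1", 67, "192.168.1.50", "ether2"),
    "server OFFER, other subnet": ("10.0.0.1", 67, "255.255.255.255", "ether3"),
}

def coverage():
    """Return {rule name: [labels of packets the rule matches]}."""
    return {r.name: [label for label, p in PACKETS.items() if r.matches(p)]
            for r in RULES}

if __name__ == "__main__":
    for name, hit in coverage().items():
        print(f"{name}: {hit}")
```

In this model, the rules that require dst-address=255.255.255.255 do not match a unicast server reply, and a rule without src-address also matches client requests arriving on the same port.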
