From winbox and command line I would like to kill all active connections to an ip/mac, or list of ips/macs and block them. I have setup using this guide https://www.youtube.com/watch?v=44f_SidI3Bs&app=desktop. But it does not stop active connections for example in facebook messenger instantly. This for a home router without a hotspot configuration.

Do you want to block specific services or block Internet access for specific devices?

Devices as if I were to physically unplug the ethernet cable.

My case, running DHCP on one of the routers, each MAC (client) always get same IP.
If I want to deny service to a client (IP address), I do the following:

1. In IP - DHCP Server - Leases, right click and "Make Static" IP address for the client you want to deny service
2. Then double click on the client and enable option "Block Access"
3. Go to IP - Firewall - Filter Rules, create a rule for the IP address, General tab - Chain - Forward, Src. Address - client IP, Dst. Address 0.0.0.0, Action tab - Action - drop
4. Go to IP - Firewall - Connections, filter connection by Source IP for the client, select all the connections and delete them.
5. Wait couple of seconds there should not be any more connections
6. later you can delete Filter Rule for blocking IP address, "Block Access" from the DHCP Server Leases menu will make sure no connection for that client will be established, DHCP server won't assign IP address to the client.

This works in my case and with my users, I believe there are other ways of blocking users as well, even less complicated