
accepting only PPPoE related traffic

Posted: Mon Nov 24, 2008 8:25 am
by captainproton
I have a Mikrotik Router with a wireless interface.

All users connect to the wireless hotspot. For using the internet, they are required to establish a PPPoE connection with a PPPoE server in my network.

In order to keep users from doing something else than connecting with PPPoE and surfing the web, I need some firewall rules.
e.g.: it shall not be possible for the clients to connect to the wireless station and ping network equipment or transfer data with other clients.

I am looking for some general rule, like: "drop all traffic coming in from the wireless interface except the PPPoE connections".

Re: accepting only PPPoE related traffic

Posted: Sun Dec 07, 2008 11:24 am
by jcremin
This does sound interesting. I run a bridged network so I assume I'd need to use a bridge filter. Anyone know of a simple way to block everything except PPPoE requests, the PPPoE tunnel, ARP, and mac-telnet? Is there anything else that's critical?

Re: accepting only PPPoE related traffic

Posted: Tue Dec 09, 2008 8:26 am
by kefiroid
arp=reply-only

Re: accepting only PPPoE related traffic

Posted: Tue Dec 09, 2008 8:35 am
by mrz
PPPoE is identified as MAC protocols 8864 and 8863 in bridge filters; allow these and drop the rest.
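
The allow-list described in the last reply, written out as RouterOS bridge filter rules. This is an added example, not part of any post in the thread; it assumes the client-facing wireless interface is named wlan1 and is a port of the bridge that leads to the PPPoE server.

```routeros
# Added example. Assumption: wlan1 is the client-facing wireless interface
# and a port of the bridge that carries traffic to the PPPoE server.

/interface bridge filter
# Frames bridged from wireless clients towards the PPPoE server
add chain=forward in-interface=wlan1 mac-protocol=pppoe-discovery action=accept comment="PPPoE discovery, EtherType 0x8863"
add chain=forward in-interface=wlan1 mac-protocol=pppoe action=accept comment="PPPoE session, EtherType 0x8864"
add chain=forward in-interface=wlan1 action=drop comment="drop all other client frames"

# Frames addressed to the router itself (covers the case where it is the PPPoE server)
add chain=input in-interface=wlan1 mac-protocol=pppoe-discovery action=accept
add chain=input in-interface=wlan1 mac-protocol=pppoe action=accept
add chain=input in-interface=wlan1 action=drop comment="no ARP, ping or management from clients"

# Client-to-client frames on the same AP are relayed by the wireless interface
# itself and never reach the bridge filter, so turn that relay off as well.
/interface wireless set wlan1 default-forwarding=no
```

The final input rule also cuts off ARP and MAC-telnet arriving on wlan1, so manage the router from another interface or place explicit accept rules above it.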