I think you got my question wrong.
I'd like to block telnet/snmp/ssh to the router via all physical interfaces except the management interface.
the old version had the command control-plane host which allowed you to decide which interface is allowed to do it.
yet - it does not appear in th version 3.16.4b.
any suggestions ?