Вот текущие правила:
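# Firewall filter rules; these lines presumably sit under the /ip firewall filter menu (header not shown here).
# Rules are evaluated top to bottom within each chain, and the first match wins.

# --- input chain: traffic addressed to the router itself ---
# Drop ICMP type 8 code 0 (echo request) arriving on WAN-list interfaces.
add action=drop chain=input comment="Drop echo request" icmp-options=8:0 in-interface-list=WAN protocol=icmp
# Every other ICMP packet is accepted from any interface, WAN included.
add action=accept chain=input comment="Accept ICMP" protocol=icmp
add action=accept chain=input comment="Accept established,related,untracked" connection-state=established,related,untracked
# NOTE(review): this exposes the WinBox management port (tcp/8291) to every source address on the WAN side.
# Nothing here limits who may connect, so the router's login is reachable by internet-wide scanning and
# password guessing. Consider adding a src-address-list= matcher with a list of trusted management
# addresses, or removing this rule and reaching WinBox over a VPN instead.
# It also has no connection-state matcher and sits above "Drop invalid", so invalid-state packets to
# 8291 from WAN are accepted here before that drop rule is reached.
add action=accept chain=input comment="Allow remote WinBox access from WAN" dst-port=8291 in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Drop invalid" connection-state=invalid
# Final input rule: anything not arriving on a LAN-list interface and not accepted above is dropped.
add action=drop chain=input comment="Drop all not coming from LAN" in-interface-list=!LAN

# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="Accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
# New connections from WAN are forwarded only if a dst-nat rule matched them (i.e. explicit port forwards).
# Fixed: the original line had no space between the closing quote of comment= and connection-nat-state=.
add action=drop chain=forward comment="Drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN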