Starting Nmap 7.31 ( https://nmap.org ) at 2017-02-16 17:13 RTZ 4 (ceia)
Nmap scan report for xxx.xxx.xxx.xxx

PORT STATE SERVICE
181/tcp open unify

RouterOS opened 181 tcp port? what is it? how to disable?

RouterOS is not using this port. Are you using nmap on the correct device? Maybe you have port forwarding.

i am block all incoming tcp packets with firewall rule, but this tcp 181 still OPENED!
(same as tcp port 2000 - service Btest server, if they enabled!)

firewall nat - is clean!

[root@MikroTik-Z] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=reject reject-with=icmp-network-unreachable protocol=tcp log=no log-prefix=""

[root@MikroTik-Z] > /system routerboard print
routerboard: yes
model: 951Ui-2HnD
serial-number: 7175060DB1F2
firmware-type: ar9344
factory-firmware: 3.33
current-firmware: 3.33
upgrade-firmware: 3.33

[root@MikroTik-Z] > /system package print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 system 6.37.1
1 security 6.37.1
2 wireless 6.37.1
3 advanced-tools 6.37.1
4 dhcp 6.37.1
5 X ppp 6.37.1
6 routing 6.37.1

Set log=yes and check log if you are scanning the correct device
RouterOS does NOT use such port. Plus, you have firewall, as you demonstrated.

Yes! Device is correct - MikroTik! in log window - scan flood!
what is next?

Remove your reject rule and try this: And then connect to port 181 with something (e.g. telnet).

This is what you'll see for closed port: And this would happen for open one:

dst-nated before this router, sorry! thx for help!