How can I block all ssh connection from the Internet to pass through the Mikrotik (going to LAN)?

Internet --------------> Mikrotik -----------------> LAN
Eth1 & Eth3 (WAN)
Eth2 (LAN)

I am thinking of creating 2 Firewall rules, 1 for Eth1 and 1 for Eth3

Example:
a. Chain: Input
b. In. Interface: ether1
c. Layer7 Protocol: ssh
d. Action: drop

Please have a look at the attached file if that is correct or guide the best possible solution. Thanks

Put the appropriate firewall rule on the forward chain. The input chain is just for traffic headed into the router itself, forward is for traffic that is going through the router to another device.

Feklar, thank you for your reply.

Lets see if I get this correct now.

General tab on Winbox
a. Chain: forward
b. Protocol: 6 (tcp)
c. Dst. Port: 22
d. In. Interface: ether1

Action tab
e. Action: drop

Then I will make another 1 rule for ether3.

Thanks again

That is the most basic way of doing it, yes. It also needs to be further up in the chain than any accept rule that might fire before those two.

Many people will accept things from known networks and drop everything else, it all depends on how you want to set it up and what fits your needs best.

Thanks again, Feklar.

Much appreciated, the idea helps a lot...