I am trying to find a solution with this configuration which for some reason don't work properly with some https sites like mail.google.com and with some banks as well
here is the firewall configuration
/ip firewall filter
add action=accept chain=input comment="Accept established connections" \
connection-state=established disabled=no
add action=accept chain=input comment="Accept related connections" \
connection-state=related disabled=no
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid disabled=no
add action=accept chain=input comment=UDP disabled=no protocol=udp
add action=accept chain=input comment="Allow specific ports only" disabled=no \
dst-port=8291,1723,3333,3334,8080,443 protocol=tcp
add action=accept chain=input comment="Allow limited pings" disabled=no \
limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" disabled=no protocol=\
icmp
add action=add-src-to-address-list address-list=blocked-addr \
address-list-timeout=1d48s chain=forward comment="DoS attack Prevention" \
connection-limit=100,32 disabled=no protocol=tcp
add action=tarpit chain=input connection-limit=3,32 disabled=no protocol=tcp \
src-address-list=blocked-addr
add action=drop chain=input comment="Block all other incoming ports" \
disabled=no protocol=tcp
any suggestions ?