I set the ipsec tunnel on the default settings of mikrotik version 6.49.10 and it works properly.
But I would like it to work only in one direction and I added:
/ip firewall filter
add action=drop chain=forward dst-address-list=dst src-address-list=src
but the rule blocks traffic in both directions.
How to block one-way traffic?

In dependence of what traffic you will be blocking - inbound or outbound, you can use ipsec-policy matcher in,ipsec or respectively out,ipsec in a drop rule:
where * is in or out