/ip firewall filter add action=accept chain=input dst-port=53 in-interface=all-ppp protocol=udp
Gateway for this route should be IP address on clients's WAN interface, i.e. 2a01:xx:xxxx:1000::73.i've add Static Router 2a01:xx:xxxx:1001::/64 gateway vlan100
/ip firewall filter add chain=input action=accept protocol=udp dst-port=1701 ipsec-policy=in,ipsec
And whether it's the case, probably yes, but it's hard to tell exactly if you don't show your config.Https uses port 443... so by incorrectly forwarding this port you can create problems...!
/ipv6 firewall filter add chain=forward dst-addres=2a00:ee2:900:e700:5c47:2365:b1d2:67d protocol=tcp dst-port=80 action=accept ...
/ip firewall mangle add chain=prerouting connection-state=new dst-address=***.126.***.68 protocol=tcp dst-port=8080 action=log log-prefix="port8080"
passthrough - if packet is matched by the rule, increase counter and go to next rule (useful for statistics).
/system logging add topics=ipsec,!packet