So now I've re-ordered a few rules based on your suggestions, traffic flow, etc. Most of my understanding is based on experience with Cisco ACLs, ip inspect rules and some BSD pf. Cisco ACL has an implied deny-all at the bottom of the list, so I need to double-check I've done that on MikroTik!

[admin@O...