jarda, jebz,
Thanks for your answers, I was thinking that simple rules from this post should be enough — http://forum.mikrotik.com/t/firewall-rules/69251/1
Now I added two more input rules, so now its:
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=input comment=“Disallow weird packets” connection-state=invalid
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp
add chain=input comment=“Allow LAN access to router and Internet” connection-state=new in-interface=all-ethernet
add chain=input comment=“Allow connections that originated from LAN” connection-state=established
add chain=input comment=“Allow connections that originated from LAN” connection-state=related
add chain=input comment=“Allow ping ICMP from anywhere” protocol=icmp
add action=drop chain=input comment=“Disallow anything from anywhere on any interface”
add action=drop chain=forward comment=“Disallow weird packets” connection-state=invalid
add chain=forward comment=“Allow LAN access to router and Internet” connection-state=new in-interface=all-ethernet
add chain=forward comment=“Allow connections that originated from LAN” connection-state=established
add chain=forward comment=“Allow connections that originated from LAN” connection-state=related
add action=drop chain=forward
Is this ok or I have to add more of fw rules?