What I’ve intended with this rule: Don’t allow connection from anywhere except from “CountryIPAllow”
But the problem is, if this rule is enabled, all my computers and phones etc have internet access, but my router doesn’t get updates and can’t ping anything.
So no internet for my router.
Maybe someone can explain me how to fix it.
In general, input rules are to the router, forward rules are from the LAN to the LAN/LAN to WAN/WAN to LAN.
Thus you have restricted your router, not your LAN.
What is your concern?
People on your internet going to certain countries?
People from some countries trying to ping your router?
People from some countries trying to get on your servers?
Without articulating your requirements without discussing solutions or equipment, help will be hard to find.
I use similar to exclude a few countries from reaching me and my router (and vice versa). Your router is most likely trying to reach DNS outside your country and updates will be coming from MT (Latvia?) so a different approach is probably needed.
If this is for access control you would be better really restricting the locations rather than blanketing “a country” as otherwise you get results as you have found. Maybe “a” public subnet at most? Maybe lock it down to an internal range and VPN in?
what is the order of your firewall rules?
If this is the first rule (or anywhere before accept related, established in input chain), then for example when your router tries to connect to mikrotik update server in Latvia, the server reply would be blocked by this rule.
So make sure, you have correct accept rule for established, related packets in input chain before this drop rule.