Basic Firewall script from mikrotik WIKI - DNS?

Hi. When googling Mikrotik Firewall you will find the “Basic Universal Firewall Script” from wiki.mikrotik.com.
http://wiki.mikrotik.com/wiki/Basic_universal_firewall_script

This seems to be a good place to start, but I wonder if it really should open up DNS from outside by default. This can’t be needed in a basic universal firewall?
A friend of mine got a DDoS mail from his ISP after using this script, and the open DNS recursor was the problem.

A better starting point would be the default configuration firewall on SOHO RBs: (/system default-configuration print)

 
 /ip firewall
 filter add chain=input action=accept protocol=icmp comment="default configuration"
 filter add chain=input action=accept connection-state=established,related comment="default configuration"
 filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
 filter add chain=forward action=fasttrack-connection connection-state=established,related \
 comment="default configuration"
 filter add chain=forward action=accept connection-state=established,related comment="default configuration"
 filter add chain=forward action=drop connection-state=invalid comment="default configuration"
 filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1-gateway \
 comment="default configuration"

Change ether1-gateway to your WAN interface.

I agree. So who will change the Wiki? :)
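
An added example, not part of the thread or of MikroTik's own tooling: a small Python audit that evaluates input-chain rules first-match-wins and reports whether a new DNS query arriving on the WAN interface would be accepted. It models only comma-separated value lists and `!` negation; `OPEN_DNS_RULES` is a constructed rule set, not the wiki script's text.

```python
import shlex

# Input-chain rules from the default configuration quoted in the thread.
DEFAULT_RULES = """\
filter add chain=input action=accept protocol=icmp comment="default configuration"
filter add chain=input action=accept connection-state=established,related comment="default configuration"
filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
"""

# Constructed rule (not copied from the wiki script): DNS accepted on input with
# no in-interface restriction, placed ahead of the WAN drop.
OPEN_DNS_RULES = "filter add chain=input action=accept protocol=udp dst-port=53\n" + DEFAULT_RULES

def parse_rules(text):
    """Turn 'filter add key=value ...' lines into dicts of matchers."""
    rules = []
    for line in text.splitlines():
        pairs = [tok.split("=", 1) for tok in shlex.split(line) if "=" in tok]
        if pairs:
            rules.append(dict(pairs))
    return rules

def matches(rule, packet):
    """True if every matcher in the rule (chain included) agrees with the packet."""
    for key, want in rule.items():
        if key in ("action", "comment"):
            continue
        negate = want.startswith("!")
        allowed = want.lstrip("!").split(",")
        hit = str(packet.get(key, "")) in allowed
        if hit == negate:
            return False
    return True

def verdict(rules, packet):
    """First matching rule wins; a packet that matches no rule is accepted."""
    for rule in rules:
        if matches(rule, packet):
            return rule["action"]
    return "accept"

def wan_dns_exposed(rules, wan_interface):
    """True if a new DNS query arriving on the WAN interface would be accepted."""
    for proto in ("udp", "tcp"):
        packet = {"chain": "input", "protocol": proto, "dst-port": "53",
                  "connection-state": "new", "in-interface": wan_interface}
        if verdict(rules, packet) == "accept":
            return True
    return False
```

Calling `wan_dns_exposed(parse_rules(DEFAULT_RULES), "ether2")` returns `True`: if the WAN port is not the interface named in the drop rule, the query matches nothing and is accepted, which is why the interface name has to be changed to match the real WAN port.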