Beginner firewall rule question

Hello,

MikroTik RB750Gr3, default firewall rules configuration (loaded with reset), eth1 as WAN, each port eth2-eth5 set with its own IP and DHCP (none is a slave of another).
I want to block access to the router from eth3, while keeping access to the internet from eth3.

Based on
http://wiki.mikrotik.com/wiki/How_to_configure_a_home_router
All packets being sent to the router always traverse the ‘prerouting’ chain. At the end of ‘prerouting’ the router determines whether a packet is destined to the router itself (for example a packet that is part of a Winbox connection going from the management host to the router), or whether the packet should be sent out another interface. Packets to the router itself will then traverse the ‘input’ chain. Packets that will go through the router will traverse the ‘forward’ chain. Packets to the router itself will never be in the ‘forward’ chain, and packets through the router will never be in the ‘input’ chain.

I added a rule: Action DROP, Chain INPUT, in.interface ETH3.
But the rule also blocks access to the internet.
I presumed the input chain should not affect internet access, only access to the router.
What am I missing or misunderstanding?

Thanks in advance.

I found the cause of the blocked access to the internet. The access was not really blocked, only access to the DNS server. I used a static setting (not DHCP) on the PC with the DNS server set to the router IP, but with access to the router blocked, DNS was inaccessible. With the DNS server set to an external IP, everything is OK. Sorry for the confusion.

Another option would be to allow DNS requests to the router on UDP/TCP port 53 and block the rest.
I have to add that I follow this generic rule: allow specific desired connections and drop everything else.
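
The suggestion above written out as RouterOS filter rules, as an added example that is not part of the original thread. It assumes the port is named ether3 (the thread calls it eth3/ETH3) and that no earlier input-chain rule already matches new traffic arriving on that interface.

```routeros
# Added example, not from the thread. Interface name "ether3" is an assumption.
#
# Before: the single rule from the question. It drops everything from ether3
# that is addressed to the router itself, including DNS queries sent to the
# router's own IP, which is why name resolution failed on the static client.
#
#   /ip firewall filter
#   add chain=input in-interface=ether3 action=drop
#
# After: accept only DNS to the router, then drop the rest. Rules in a chain
# are evaluated top to bottom and the first match wins, so both accept rules
# must sit above the drop rule.
/ip firewall filter
add chain=input in-interface=ether3 protocol=udp dst-port=53 action=accept \
    comment="ether3: allow DNS queries to the router (UDP)"
add chain=input in-interface=ether3 protocol=tcp dst-port=53 action=accept \
    comment="ether3: allow DNS queries to the router (TCP)"
add chain=input in-interface=ether3 action=drop \
    comment="ether3: drop all other traffic addressed to the router"

# Traffic from ether3 to the internet traverses the forward chain, so none of
# the input rules above touch it.
#
# Check rule order and per-rule hit counters after testing from an ether3 host:
/ip firewall filter print stats where chain=input
```

After a DNS lookup and a Winbox or SSH attempt from a host on that port, the packet counters should increase on an accept rule and on the drop rule respectively.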

I did, it works. Thank you.