Ok. Thank you. Can you give me example when use input and output ?
output is traffic that is generated by router itself. For example, web proxy requests, DNS resolve requests that cannot be resolved by DNS cache.
Input is for connections to the services provided by the router. When user tries to resolve DNS name using DNS cache on the router. If the router has already cached DNS name, then there will only be a connection to the router. Same for web proxy, if the content is already cached, there will be only connection from the client to the router. Also in this category - Hotspot captive page, SSH/telnet/API connections, winbox, FTP, SOCKS proxy. All these services can be protected by the firewall residing on the router using input chain.
From experience, output chain is rarely used as you usually want to allow connections from the router to the outside world. Then you use input to protect the router. You use forward to protect customers form the internet and vice versa.
How to save configuration on another device ?backup