Not at all my field of (little) experience, but if I were you I would start with a default Mikrotik set of firewall settings (and build if needed upon it) as per Rule #8:
optionally adding at the end of the forward chain the allowed things and closing it with a “drop all else” rule.
If you look around on the board you will find many examples of this latter modification, default firewall (for SoHo devices) is here:
In any case it is good practice (for readability, for the helping forum members, but also for you in the future) to group firewall filter rules by chain, rules are applied in top to bottom order within a same chain, it won’t change anything in the functions performed, but it is much more readable if you have first all input rules, then all forward rules, etc.