Firewall - block all sites, allow traffic only to 2 sites.

Hi.

I need to configure MT as a router with a firewall - block all network traffic, allow only the listed web sites:
www.wp.pl
www.onet.pl
and I think google DNS ip address 8.8.8.8.

I configured DHCP (default pool 192.168.88.0/24) and masquerade, I created 2 bridges (wan - eth1, lan - eth2-10), the wan bridge has a static IP, routing is set and working (all LAN computers have internet access).

I was trying to set firewall rules to block all traffic and allow only selected sites, but I failed.
I was using the output and input chains and I failed to configure the firewall as I wanted.

Please help.

That is likely to be the problem. The input chain is only for traffic destined to the router itself. Likewise, output is only for traffic originating from the router itself. For traffic going through the router (i.e. from your local computer to the Internet) you should use the forward chain.

Deactivate the external DNS-server: /ip dns set server=

Then put those two domains in the static part of the MikroTik's DNS. Then block any DNS requests from clients so that they can't get the IP from a different DNS server.

You also have to block all traffic except those two by adding rules: the first two to give access to those two sites, and a third one to block everything else on ports 80 and 443, with the dst address left empty.
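The scheme from the two replies above (forward chain instead of input/output, router as the only resolver the LAN may use, two allow rules and a catch-all drop), written out as a RouterOS CLI configuration. This is an added example, not something posted in the thread. It assumes the bridges are named "lan" and "wan", the router's LAN address is 192.168.88.1 (the default DHCP setup already hands that out as DNS server), and the list name "allowed-sites" is made up here. Instead of static DNS entries with hand-copied IPs it uses a firewall address list containing the host names, which RouterOS resolves through its own DNS client and keeps as dynamic entries; the DNS property is spelled `servers`, so the router keeps 8.8.8.8 as its own upstream while the LAN is cut off from it.

```routeros
# Added example (not from the thread). Assumes: LAN bridge "lan", WAN bridge "wan",
# router LAN address 192.168.88.1 handed out by DHCP as the DNS server;
# the list name "allowed-sites" is an assumption.

# 1. The router resolves names for the LAN. Clients must use the router as resolver;
#    the forward rules below stop them from reaching 8.8.8.8 or any other resolver.
/ip dns set allow-remote-requests=yes servers=8.8.8.8
/ip dhcp-server network set [find address=192.168.88.0/24] dns-server=192.168.88.1

# 2. Address list built from host names. RouterOS resolves FQDN entries and keeps
#    the resolved IPs as dynamic (D) entries, re-resolving when the TTL expires,
#    so the rules follow the sites' current addresses without hard-coding them.
/ip firewall address-list
add list=allowed-sites address=www.wp.pl comment="allowed site"
add list=allowed-sites address=www.onet.pl comment="allowed site"

# 3. forward chain = traffic passing through the router (LAN <-> Internet).
#    Rules match top to bottom; the first match decides.
/ip firewall filter
add chain=forward action=accept connection-state=established,related comment="replies for sessions already accepted"
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept in-interface=lan protocol=tcp dst-port=80,443 dst-address-list=allowed-sites comment="HTTP/HTTPS to the two sites only"
add chain=forward action=drop comment="everything else: DNS to 8.8.8.8, HTTP(S) to other hosts, anything from WAN"

# 4. input chain = traffic to the router itself. The LAN may use the router's DNS
#    (and manage it); the Internet side gets nothing unsolicited.
add chain=input action=accept connection-state=established,related
add chain=input action=drop connection-state=invalid
add chain=input action=accept in-interface=lan comment="LAN may talk to the router (DNS, DHCP, admin)"
add chain=input action=drop in-interface=wan comment="no unsolicited traffic from the Internet"

# 5. Checks: the list should show D entries with resolved addresses, and the
#    counters of the accept rule should rise when a client opens www.wp.pl.
/ip firewall address-list print
/ip firewall filter print stats
```

Two caveats a practitioner should expect. The router's own DNS lookups leave through the output chain, which is untouched here, so the address list keeps resolving; if you later add output rules, keep UDP/TCP 53 to 8.8.8.8 open from the router. And both sites load scripts, images and ads from other domains and CDNs, which this policy drops, so pages will render only partially; add those domains to the same list if the users need them.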