Hello, first time posting here. Thank you for looking.
I have two CCR1036-8G-2S+ devices. I have a firewall configuration question.
See the diagram for how I’m setup (IP’s are changed to protect the innocent 
). What I need to do is block incoming VOIP traffic (Port 5606) from anyone other than a specific IP (use 9.9.9.9 as an example) on our VOIP interface. I’m not strong with the RouterOS configuration, but what would the command be?
netmap.jpg
normally, you make a firewall rule.
something like:
first allow explicitely what should go through:
/ip firewall filter add chain=forward dst-port=5606 protocol=udp src-address=9.9.9.9
/ip firewall filter add chain=forward dst-port=5606 protocol=tcp src-address=9.9.9.9
Then block everything else:
/ip firewall filter add action=drop chain=forward dst-port=5606
the order is important! block everything else should be last rule.
I did not test this but this is basically how it should be.
Thank you BlackICE, I’ll give that a shot and let you know.