Hi
I’m trying to create rules in the following manner:
Disable all traffic for the Forward Chain
Enable traffic on the Forward Chain for specific IPs for internet access.
First I create a rule to accept traffic for a specific IP:
/ip firewall filter> add chain=forward action=accept connection-state=established,related,new src-address-list=access-host log=no log-prefix=""
After that, drop all traffic:
/ip firewall filter> add chain=forward action=drop log=no log-prefix=""
When I prepare rules like the above, hosts from the list access-host don’t have an internet connection. Why?
I think these are good rules: when a packet from an IP that is in access-host goes to the first rule, it is processed by the firewall, and the host should have internet access.
When an IP is not in the list, it goes to the DROP rule and access to the internet is dropped.
What am I doing wrong?
My intention is to prepare firewall rules so that only specific IP addresses have access to the internet and the rest of the IPs from my subnet have no access.
For me, the reverse configuration worked: accept all forwarding traffic, but block it for specific hosts.
Thanks for help.
Regards
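
Added example, not part of the original post: a small Python model of first-match filtering in the forward chain that replays the two posted rules against a constructed client and server, next to a hypothetical variant that accepts established,related packets without the address-list matcher. The addresses, rule dictionaries and function names are assumptions made for illustration.

```python
from ipaddress import ip_address

# Constructed stand-in for the address list "access-host".
ACCESS_HOST = {ip_address("192.168.88.10")}

# Each dict mirrors the matchers of one filter rule; None matches anything.
POSTED = [  # the two forward rules from the post
    {"action": "accept", "states": {"established", "related", "new"},
     "src_list": ACCESS_HOST},
    {"action": "drop", "states": None, "src_list": None},
]
SPLIT = [  # hypothetical variant: replies are accepted by state alone
    {"action": "accept", "states": {"established", "related"}, "src_list": None},
    {"action": "accept", "states": {"new"}, "src_list": ACCESS_HOST},
    {"action": "drop", "states": None, "src_list": None},
]

def verdict(rules, src, state):
    """Return the action of the first rule whose matchers all match."""
    for rule in rules:
        if rule["states"] is not None and state not in rule["states"]:
            continue
        if rule["src_list"] is not None and ip_address(src) not in rule["src_list"]:
            continue
        return rule["action"]
    return "accept"  # RouterOS accepts a packet that no rule matched

def session(rules, client, server="203.0.113.5"):
    """Verdicts for a client's first packet and for the server's reply."""
    out = verdict(rules, client, "new")
    if out != "accept":
        return out, "not sent"  # no connection, so no reply to filter
    # In the forward chain the reply carries the server as source address.
    return out, verdict(rules, server, "established")

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("split", SPLIT)):
        for client in ("192.168.88.10", "192.168.88.99"):
            print(name, client, session(rules, client))
```

With the posted rules the listed host's outbound packet is accepted, but the reply arrives with the internet server as its source address, fails the src-address-list match and falls through to the drop rule.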