firewall question

On my rb-1000 running 6.49.1 I have this single firewall rule on the interface going to my internet cable modem:

/ip firewall filter add action=drop chain=input in-interface=ether1

Works fine, no complaints: none of the router’s ports (ssh, etc.) are visible from the internet, it isn’t ping-able, no issue using the internet, etc.
But going through the MikroTik docs, I see that I should add:

/ip firewall filter add action=accept chain=input connection-mark="" connection-state=established,related

Why? I have added it but didn’t notice any change really.

Don’t forget your router itself also generates traffic to the internet, and returning “replies” should not be bluntly dropped (= input chain),
e.g. NTP, DNS, Cloud.

Hence the “related,established” rules to allow traffic hitting the router itself that is part of a session or related to it.
Of course, make sure the rule with “related,established” is ABOVE the generic “drop” rule or it will indeed do absolutely nothing.

Oh I see, so you’re saying, essentially, that without this extra rule I wouldn’t be able to upgrade my router, for instance, or even NTP etc.

Thank you!

Probably also IPsec tunnels etc. that you terminate on the box.
For example I also allow certain ICMP traffic to “hit” my input-chain.
But then all the way on the bottom, there is indeed a deny any any on the input chain just to be sure.
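
The rule-ordering point from the replies above, as an added example that is not part of the original thread: a small Python model of first-match evaluation on the input chain with a toy connection tracker. The names (Packet, ConnTrack, evaluate, verdicts) and all addresses are constructed for illustration; this is not RouterOS code.

```python
# Added illustration: minimal first-match model of the input chain.
# All names and addresses below are constructed for this example.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto in_iface")

class ConnTrack:
    """Tracks flows the router itself opened, keyed by 5-tuple."""
    def __init__(self):
        self.flows = set()

    def router_sends(self, src, sport, dst, dport, proto):
        # Output traffic creates the entry that later replies are matched against.
        self.flows.add((src, sport, dst, dport, proto))

    def state(self, pkt):
        # A reply is a tracked flow with source and destination swapped.
        # "related" (e.g. ICMP errors) is not derived in this small model.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "established" if reverse in self.flows else "new"

def evaluate(rules, pkt, ct):
    """First matching rule wins; a matcher that is absent means 'any'."""
    state = ct.state(pkt)
    for rule in rules:
        if "in_iface" in rule and rule["in_iface"] != pkt.in_iface:
            continue
        if "states" in rule and state not in rule["states"]:
            continue
        return rule["action"]
    return "accept"  # a chain with no matching rule accepts the packet

DROP_WAN = {"action": "drop", "in_iface": "ether1"}
ACCEPT_EST = {"action": "accept", "states": {"established", "related"}}

def verdicts(rules):
    """Return (verdict for NTP reply, verdict for unsolicited SSH) on ether1."""
    ct = ConnTrack()
    # Constructed traffic: the router (203.0.113.10) queries an NTP server.
    ct.router_sends("203.0.113.10", 123, "198.51.100.5", 123, "udp")
    ntp_reply = Packet("198.51.100.5", 123, "203.0.113.10", 123, "udp", "ether1")
    ssh_probe = Packet("192.0.2.77", 40000, "203.0.113.10", 22, "tcp", "ether1")
    return evaluate(rules, ntp_reply, ct), evaluate(rules, ssh_probe, ct)

if __name__ == "__main__":
    print("drop only:        ", verdicts([DROP_WAN]))
    print("accept above drop:", verdicts([ACCEPT_EST, DROP_WAN]))
    print("accept below drop:", verdicts([DROP_WAN, ACCEPT_EST]))
```

Only the ordering with the accept rule first lets the router's own NTP reply through while the unsolicited SSH packet is still dropped.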