MikroTik hAP ac^2 firewall rule drops packets on input chain not coming from LAN. Everything seems to work fine. My confusion is why so many packets are blocked. 2X (twice as many) packets are blocked (not coming from LAN) as accepted (established, related, untracked). Rules on input chain in order:
accept (established, related, untracked) 35129
drop invalid 7920
accept ICMP 3497
drop not coming from LAN 57877
Curiosity makes me ask. Where do these packets come from? Is this normal?
Thanks in advance for your thoughts.
It also depends on your ISP: whether it passes multicast traffic through, and whether broadcasts at the ISP also reach your link.
You should also analyze the protocols as well as the ports of the blocked packets.
Check among the blocked ones especially time server broadcast and multicast packets.
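
One way to carry out the analysis suggested above, as an added example that is not part of the original thread: it tallies dropped packets by destination type (broadcast, multicast, unicast) and by protocol and destination port. It assumes logging has been enabled on the drop rule with a hypothetical log prefix `drop-notlan`; the sample lines are constructed and only modelled on RouterOS firewall log output, so the pattern may need adjusting to the lines your router actually writes.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines (documentation addresses), modelled on RouterOS
# firewall log output; the "drop-notlan" prefix is an assumed log-prefix.
SAMPLE_LOG = """\
drop-notlan input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto UDP, 198.51.100.1:123->255.255.255.255:123, len 76
drop-notlan input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto UDP, 198.51.100.7:5353->224.0.0.251:5353, len 120
drop-notlan input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:02, proto TCP (SYN), 203.0.113.9:40112->192.0.2.10:23, len 40
drop-notlan input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:02, proto TCP (SYN), 203.0.113.44:51514->192.0.2.10:8291, len 44
drop-notlan input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto 2, 198.51.100.1->224.0.0.1, len 32
"""

# Protocol name or number, optional TCP flags, then src[:port]->dst[:port].
LINE_RE = re.compile(
    r"proto (?P<proto>\w+)(?: \([^)]*\))?, "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?->(?P<dst>[\d.]+)(?::(?P<dport>\d+))?,"
)

def dest_kind(dst):
    """Classify an IPv4 destination as multicast, broadcast or unicast."""
    if ipaddress.ip_address(dst).is_multicast:
        return "multicast"
    # Only the limited broadcast is detected; subnet broadcasts need the netmask.
    if dst == "255.255.255.255":
        return "broadcast"
    return "unicast"

def summarize(log_text):
    """Return (count per destination kind, count per (protocol, dst port))."""
    by_kind, by_service = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall log line in the assumed format
        by_kind[dest_kind(m["dst"])] += 1
        by_service[(m["proto"], m["dport"] or "-")] += 1
    return by_kind, by_service

if __name__ == "__main__":
    kinds, services = summarize(SAMPLE_LOG)
    print(dict(kinds))
    for (proto, port), n in services.most_common():
        print(f"{n:5d}  {proto:4s} dport {port}")
```

A large broadcast and multicast share points to ISP-segment chatter such as the time server traffic mentioned above; a large unicast share spread over many destination ports is more typical of unsolicited internet traffic.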