Firewall rule question


I have two MikroTik RB750Gr3, one with a static IP and one with PPPoE.
I need to resolve DNS names in the WinBox terminal (in a script).

The static IP router does it well with these rules:

add action=accept chain=input connection-state=established,related in-interface=1_WAN
add action=drop chain=input connection-state=invalid connection-type=""
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface=1_WAN log-prefix=eldob

The PPPoE router needs an extra line to resolve domain names (the 3rd rule).
If I disable the 3rd rule, the DNS queries are dropped by the 4th line.

add action=accept chain=input connection-mark="" connection-state=established,related connection-type="" in-interface=pppoe-out1
add action=accept chain=input in-interface=pppoe-out1 protocol=icmp
add action=accept chain=input in-interface=pppoe-out1 protocol=udp src-port=53
add action=drop chain=input in-interface=pppoe-out1

What did I do wrong with the PPPoE firewall rules?

Setting attributes to an empty string is not the same as not setting them at all. So your first filter rule on the PPPoE-connected router should be almost identical to the one on the static IP router, except for the in-interface:

add action=accept chain=input connection-state=established,related in-interface=pppoe-out1

As the rule currently stands, it probably doesn't match any packets …

BTW, I don't understand how you managed to set connection-type="", my box (6.47.1) rejects it.
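For reference, here is the complete corrected input chain for the PPPoE router together with the checks to confirm it. This is an added example, not part of MKX's post or the original poster's configuration; it assumes the interface name pppoe-out1 and the log prefix from the question, and example.com is a placeholder hostname. The src-port=53 accept rule is left out on purpose: the router's own outgoing DNS query creates a connection-tracking entry, so the answer is matched by the established,related rule, whereas a rule that accepts any UDP packet with source port 53 lets anyone reach the input chain simply by sending from port 53.

```routeros
# Input chain for the PPPoE-connected router (added example, not the
# original poster's config). Attributes that are not needed are simply
# omitted: writing connection-type="" or connection-mark="" adds a
# matcher that the rule then never satisfies.
/ip firewall filter
add chain=input connection-state=established,related in-interface=pppoe-out1 action=accept comment="replies to the router's own traffic, incl. DNS answers"
add chain=input connection-state=invalid action=drop
add chain=input protocol=icmp in-interface=pppoe-out1 action=accept
add chain=input in-interface=pppoe-out1 action=drop log=yes log-prefix=eldob

# Check 1: confirm that no input rule carries an empty connection-type or
# connection-mark matcher. Only the attributes you actually set should appear.
/ip firewall filter print detail where chain=input

# Check 2: resolve a name from the router itself (placeholder hostname). The
# query leaves via pppoe-out1 and the answer must be accepted by the first rule.
:put [:resolve "example.com"]

# Check 3: watch the counters of the final drop rule while resolving; if they
# increase during :resolve, a reply is still being dropped.
/ip firewall filter print stats where chain=input
```

Run the three checks in a WinBox or SSH terminal after applying the rules; if :resolve still times out, compare the drop rule's counters before and after the call and look for the eldob prefix in /log print.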

That was the fault.
I thought an empty parameter was the same as one that is not defined. I removed the connection-type="" as you advised and
DNS resolving started to work without the extra rule. As I see it, I need to clear some other parameters, too. :)

Thanks MKX,