firewall rules and logging ideas

1. I would like to finally take on making my firewall rules; I did something like this with the help of the Internet. Please advise me what I would necessarily have to change. At this point "drop all" falls out, unfortunately.

/ip firewall filter
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP protocol=icmp
add action=jump chain=forward comment="Jump for icmp forward flow" jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=bogons
add action=add-src-to-address-list address-list=spammers address-list-timeout=3h chain=forward comment="Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=25,587 limit=30/1m,0:packet protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" disabled=yes port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" disabled=yes port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" connection-state=established
add action=accept chain=input comment="Accept to related connections" connection-state=related
add action=drop chain=ICMP comment="block icmp lan to guest" dst-address=10.27.10.0/24 src-address=10.27.0.0/24
add action=drop chain=ICMP comment="block icmp from network guest to lan" dst-address=10.27.0.0/24 src-address=10.27.10.0/24
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood, adjust the limit as needed" icmp-options=8:0 limit=2,5:packet protocol=icmp
add action=accept chain=ICMP comment="accept icmp ping" icmp-options=0:0 protocol=icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP protocol=icmp
add action=drop chain=input comment="block address" src-address=115.243.85.101
add action=drop chain=input comment="block address" src-address=188.166.226.191
add action=drop chain=input comment="block address" src-address=10.27.10.0/24
add action=drop chain=forward comment="drop" dst-address=10.27.0.0/24 src-address=10.27.10.0/24
add action=drop chain=input comment="block " protocol=udp src-address=37.60.225.99 src-port=1434
add action=drop chain=input src-address=37.248.160.240
add action=drop chain=input comment="block DNS " dst-port=53 in-interface=WAN protocol=udp
add action=drop chain=input comment="block Winbox " dst-port=8291 in-interface=WAN protocol=tcp
add action=drop chain=input comment="block DNS (TCP)" dst-port=53 in-interface=WAN protocol=tcp
add action=accept chain=input comment="accept dns lan (UDP)" dst-port=53 protocol=udp src-address=10.27.0.0/24
add action=accept chain=input comment="accept dns lan (TCP)" dst-port=53 protocol=tcp src-address=10.27.0.0/24

2. I would like to control the logs in a better way. Unfortunately, at this point I can see very little. Please advise what to discard and what to include, because the only thing it shows in the logs is DHCP, which I de facto turned off (I think?). I would like to have basic information in the logs about anomalies, connection attempts, blocked connections etc., so that it saves it to a file for me somewhere, e.g. the flash drive. I have a hAP ax3.
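A filter set that ends in the explicit "drop all" the first question asks about, with the dropped traffic logged under distinct prefixes and written to a file, which covers the second question. This is an added example, not the rules posted above and not from any reply in the thread. It assumes interface lists named WAN and LAN, VLAN interfaces vlan10-home and vlan20-guest, the 10.27.0.0/24 (home) and 10.27.10.0/24 (guest) subnets from the thread, and a USB stick mounted as disk1.

```routeros
# Added example: input/forward chains that end in an explicit drop, with the
# dropped traffic logged under distinct prefixes and written to a file.
# Assumed names: interface lists WAN and LAN, VLAN interfaces vlan10-home and
# vlan20-guest, the thread's home (10.27.0.0/24) and guest (10.27.10.0/24)
# subnets, and a USB stick mounted as disk1.

/ip firewall filter
# --- input: traffic to the router itself ---
add chain=input action=accept connection-state=established,related,untracked comment="accept established/related"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=jump jump-target=ICMP protocol=icmp comment="ICMP handled in its own chain"
add chain=input action=accept in-interface-list=LAN comment="LAN may reach the router (Winbox, DNS, ...)"
add chain=input action=drop in-interface-list=WAN log=yes log-prefix="in-drop-wan" comment="log and drop everything else from WAN"
add chain=input action=drop log=yes log-prefix="in-drop" comment="final drop all"

# --- forward: traffic through the router ---
add chain=forward action=accept connection-state=established,related,untracked comment="accept established/related"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=drop in-interface=vlan20-guest dst-address=10.27.0.0/24 log=yes log-prefix="guest-to-home" comment="isolate guest from home"
add chain=forward action=accept in-interface-list=LAN out-interface-list=WAN comment="home and guest to the Internet"
add chain=forward action=drop in-interface-list=WAN connection-nat-state=!dstnat log=yes log-prefix="fwd-drop-wan" comment="from WAN only via dst-nat"
add chain=forward action=drop log=yes log-prefix="fwd-drop" comment="final drop all"

# --- ICMP chain: rate-limited echo plus the types PMTUD and traceroute need ---
add chain=ICMP action=accept protocol=icmp icmp-options=8:0 limit=5,10:packet comment="echo request, rate limited"
add chain=ICMP action=accept protocol=icmp icmp-options=0:0 comment="echo reply"
add chain=ICMP action=accept protocol=icmp icmp-options=3:0-1 comment="destination unreachable"
add chain=ICMP action=accept protocol=icmp icmp-options=3:4 comment="fragmentation needed (PMTUD)"
add chain=ICMP action=accept protocol=icmp icmp-options=11:0 comment="time exceeded"
add chain=ICMP action=drop protocol=icmp log=yes log-prefix="icmp-drop" comment="drop other ICMP"

# Logging: the firewall topic goes to a file on the USB stick (rotating 10 files
# of 5000 lines each); DHCP chatter is excluded from the default "info" rule,
# which is entry 0 on a fresh router (check with /system logging print).
/system logging action
add name=fwdisk target=disk disk-file-name=disk1/firewall disk-lines-per-file=5000 disk-file-count=10
/system logging
add topics=firewall action=fwdisk
set 0 topics=info,!dhcp
```

Because the final rule in each chain drops whatever earlier rules did not accept, anything new (home-to-guest traffic, a port forward, a VPN) needs its own accept rule above it; the log prefixes tell you which drop rule caught a connection when you read the file or `/log print where topics~"firewall"`.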

When you want to ditch the YouTube nonsense, I will be glad to help provide a clean and useful firewall set of rules.
However, one must look at the config as a whole, so a complete export is required.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )

Here you are
projectigi.txt (8.75 KB)
I deleted all sensitive data, probably too much
On .16 I have Pi-hole (DNS).

To be clear, are ALL USERS supposed to get DNS from Pi-hole, or only guest users?
You should really use one bridge only for the LAN, and the bridge itself should not have any subnet; instead create two subnets:
one for guests, as you have VLAN guest,
and one for home, VLAN home.

Also, don't use the word LAN for the name of the bridge; it's confusing and against the nomenclature already in RoS. So just use "bridge".

http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1

To see when each firewall rule is used, you can have a look at my logging project over here:
http://forum.mikrotik.com/t/tool-using-splunk-to-analyse-mikrotik-logs-4-0-graphing-everything/153043/1
Each rule to log is named and set to log.

Here are some that try to access non-open ports on the outside (if they do, they are blocked on the router for 24 hours on all ports).

All users, I think.

Then how do I do it properly? I thought that in this case, as I have it, bridge "WAN" covers the port from the ISP and another bridge "LAN" covers all other ports. So I should make a BRIDGE covering all ports except the ISP one.
Am I thinking correctly?
Create a "home vlan" in Interfaces → VLAN → interface "LAN/BRIDGE",
and in IP → Addresses → "+" → a new network address for "home vlan", with interface → "home vlan".
Assign the VLAN to the appropriate interfaces and play around with DHCP. Then in IP → Addresses change the address from the bridge "LAN/Bridge" to the new VLAN I set up.
And then, of course, at the end, change bridge "LAN" to bridge "Bridge".
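The single-bridge, two-VLAN layout recommended earlier in the thread and the step list just above, carried through as one CLI configuration. This is an added example, not the poster's configuration and not from the linked VLAN guide. It assumes ether1 is the ISP port, ether2 to ether4 are home ports, ether5 is the guest port, VLAN IDs 10 (home) and 20 (guest), and that the Pi-hole lives at 10.27.0.16 (the thread only says ".16").

```routeros
# Added example: one bridge, two VLANs (home = 10, guest = 20), each with its
# own subnet and DHCP server. VLAN filtering is switched on last so that you
# are not locked out while the addresses are still moving.
# Assumed: ether1 = ISP, ether2-ether4 = home ports, ether5 = guest port,
# Pi-hole at 10.27.0.16.

/interface bridge
add name=bridge vlan-filtering=no comment="single bridge for all non-ISP ports"

# Access ports: untagged frames on each port are placed into its VLAN (pvid),
# and tagged frames from clients are refused.
/interface bridge port
add bridge=bridge interface=ether2 pvid=10 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge interface=ether3 pvid=10 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge interface=ether4 pvid=10 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged
add bridge=bridge interface=ether5 pvid=20 ingress-filtering=yes frame-types=admit-only-untagged-and-priority-tagged

# Bridge VLAN table: the bridge itself is a tagged member so the router (CPU)
# can own an IP address in each VLAN.
/interface bridge vlan
add bridge=bridge tagged=bridge untagged=ether2,ether3,ether4 vlan-ids=10
add bridge=bridge tagged=bridge untagged=ether5 vlan-ids=20

# Layer-3 VLAN interfaces on the bridge (the "home vlan" / "guest vlan").
/interface vlan
add name=vlan10-home interface=bridge vlan-id=10
add name=vlan20-guest interface=bridge vlan-id=20

# Interface lists keep firewall rules independent of port and VLAN names.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=LAN interface=vlan10-home
add list=LAN interface=vlan20-guest

# Addresses move from the old LAN bridge onto the VLAN interfaces.
/ip address
add address=10.27.0.1/24 interface=vlan10-home
add address=10.27.10.1/24 interface=vlan20-guest

# One DHCP server per VLAN; both hand out the Pi-hole as resolver (all users).
/ip pool
add name=pool-home ranges=10.27.0.100-10.27.0.200
add name=pool-guest ranges=10.27.10.100-10.27.10.200
/ip dhcp-server
add name=dhcp-home interface=vlan10-home address-pool=pool-home disabled=no
add name=dhcp-guest interface=vlan20-guest address-pool=pool-guest disabled=no
/ip dhcp-server network
add address=10.27.0.0/24 gateway=10.27.0.1 dns-server=10.27.0.16
add address=10.27.10.0/24 gateway=10.27.10.1 dns-server=10.27.0.16

# Guest isolation is a forward rule for all protocols, not just ICMP: guests
# may reach the Pi-hole's DNS port and nothing else in the home subnet.
/ip firewall filter
add chain=forward action=accept in-interface=vlan20-guest dst-address=10.27.0.16 protocol=udp dst-port=53 comment="guest -> Pi-hole DNS"
add chain=forward action=accept in-interface=vlan20-guest dst-address=10.27.0.16 protocol=tcp dst-port=53 comment="guest -> Pi-hole DNS (TCP)"
add chain=forward action=drop in-interface=vlan20-guest dst-address=10.27.0.0/24 log=yes log-prefix="guest-to-home" comment="isolate guest from home"

# Last step, after checking the above from a home-VLAN port (Safe Mode helps):
/interface bridge set bridge vlan-filtering=yes
```

The order matters: ports, VLAN table, VLAN interfaces and addresses first, `vlan-filtering=yes` last. Until that final line runs, the bridge still forwards untagged traffic as before, so a mistake in the VLAN table cannot cut you off from the router.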