Is not better to change winbox port at random like 56897, and use “port knocking” to temporary allow that single IP “knock”
and simply dropping all the other connections?
these rules can not permit any type of ddos attack.
http://forum.mikrotik.com/t/buying-rb1100ahx4-dude-edition-questions-about-firewall/148996/4