I have a few apps using specific ports and protocols connecting to servers in another location via the internet. I’m trying to create the pool of IPs the set of local network IPs can connect to, everything else to be dropped and all other ports to be closed, thus wanted to hear your opinion on the following configuration:
/ip firewall address-list
add list=Approved-dst-list address=xxx.xxx.xxx.xxx
add list=Approved-src-list
/ip firewall filter
add chain=drop src-address-list=!Approved-src-list dst-address-list=!Approved-dst-list
Would that be a correct approach? Also, what's the best way to close ALL ports other than, let's say, 443 (https)?
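
An added example, not part of the original post and not MikroTik's own configuration: one way to express the policy described above as a default-deny forward chain in RouterOS. The addresses are constructed placeholders, and it assumes the application traffic is routed through the device (forward chain) and that TCP 443 is the only port required.

```routeros
# Added example. Both addresses below are constructed placeholders:
# 198.51.100.10 stands in for the remote server, 192.168.88.0/24 for the LAN.

/ip firewall address-list
add list=Approved-dst-list address=198.51.100.10 comment="remote app server (placeholder)"
add list=Approved-src-list address=192.168.88.0/24 comment="local clients (placeholder)"

/ip firewall filter
# Return traffic for connections that an accept rule below already allowed.
add chain=forward action=accept connection-state=established,related \
    comment="allow replies to approved connections"
add chain=forward action=drop connection-state=invalid comment="drop invalid"

# The only NEW traffic permitted through the router: approved source,
# approved destination, TCP 443. All matchers in one rule are ANDed.
add chain=forward action=accept protocol=tcp dst-port=443 \
    src-address-list=Approved-src-list dst-address-list=Approved-dst-list \
    comment="approved clients to approved servers, HTTPS only"

# Default deny: anything not accepted above is dropped, which closes every
# other port and destination without listing them one by one.
add chain=forward action=drop comment="drop everything else"
```

Because matchers within a single rule are ANDed, a rule with both `src-address-list=!Approved-src-list` and `dst-address-list=!Approved-dst-list` matches only packets that are outside both lists, so an approved client talking to an unapproved destination would not match it. Rules are evaluated top to bottom, so the accept rules have to sit above the final drop.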