Initial setup, LAN, and Public-Interface questions

Hey Guys, I’m a proud owner of a new RB450G and new to RouterOS. I was actually able to completely set up my routerboard using all the documentation available on the wiki. I wasn’t expecting to get this far this quickly, but so far so good :wink: I’m using this router in my home office. I have Eth1/PoE set as the public interface and the rest of the ports are bridged w/DHCP enabled. I’ve got masquerading turned on so the LAN can access the internet. I’ve also added a few rules to protect the public interface. However, I’m curious if there’s a way to prevent the public interface from responding to pings from outside the LAN. Also, I’m not sure if I have to set up any rules for VPN passthrough. Do I need to set additional rules so LAN computers can VPN to other networks outside of the LAN? I’m sure there is a way, I’m still learning the ropes. Any input would be greatly appreciated!

http://wiki.mikrotik.com/wiki/Firewall
You would want to edit some of the rules to make sure you don’t get locked out of your router inadvertently!

For any of your LAN computers to have ‘internet presence’, you will need to assign it a public IP, using dst-nat.
http://www.mikrotik.com/testdocs/ros/3.0/qos/nat.php

For the VPN config proper, you have a number of options:
http://www.mikrotik.com/testdocs/ros/3.0/#Virtual%20Private%20Networking

Ah ha! Thanks eneimi, I found a good source in the links you provided:

http://wiki.mikrotik.com/wiki/Securing_your_router

Looks like this covers most of what I was looking for:

/ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
# Edit these rules to reflect your actual IP addresses! #
add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"

However, now I see a ton more interesting topics to take care of, e.g. port scanners. I might have to add rules for that as well. Good sources. Thanks!

Wow! This router is fast as hell! :open_mouth: Huge improvements over the crappy DLink DGL4500. Perfect score on the ole Shields Up site.

The UI might be kind of crude, but whooo! The packet sniffer in Winbox is cool and it still does everything and more. I like the MikroTik terminal and commands too.

@ jhuntley

You probably need to do a bit more on the firewall. What you have done so far only protects RouterOS itself. You will need to set up some rules in the forward chain to protect the users behind the router.

I got some help in setting up my router and the basics would be something like below.

I have deleted a couple of lines which are only relevant for my system. Line 4 forwards ports 20-21 to my FTP server. The destination IP on your LAN should be set up in NAT.

rgs Pilgrim

0 chain=forward action=drop connection-state=invalid
1 chain=forward action=accept connection-state=established
2 chain=forward action=accept connection-state=related
4 chain=forward action=accept protocol=tcp dst-port=20-21
5 chain=forward action=accept connection-state=new src-address=192.168.0.0/24
7 chain=forward action=drop src-address=192.168.0.0/24 dst-address=192.168.0.0/24
8 chain=input action=accept protocol=tcp src-address=192.168.0.0/24 dst-port=22
9 chain=input action=log protocol=tcp dst-port=22 log-prefix=""
10 chain=input action=drop protocol=tcp dst-port=22
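A fuller version of the input and forward chains discussed in this thread, written as an added example rather than taken from Pilgrim's or jhuntley's config. It assumes ether1 is the public interface, bridge1 is the LAN bridge and 192.168.0.0/24 is the LAN; matching on in-interface rather than only on source address is what stops the router answering pings and management connections arriving from the public side, and the forward chain is what shields the hosts behind it.

```routeros
# Added example, not from the thread. Assumptions: ether1 = public, bridge1 = LAN, LAN = 192.168.0.0/24.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add chain=input connection-state=established action=accept comment="accept established"
add chain=input connection-state=related action=accept comment="accept related"
add chain=input connection-state=invalid action=drop comment="drop invalid"
add chain=input in-interface=bridge1 protocol=icmp action=accept comment="answer ping from LAN only"
add chain=input in-interface=bridge1 protocol=tcp dst-port=22 action=accept comment="SSH from LAN only"
add chain=input in-interface=bridge1 protocol=tcp dst-port=8291 action=accept comment="Winbox from LAN only"
add chain=input in-interface=ether1 action=log log-prefix="DROP INPUT" comment="log what the public side tries"
add chain=input action=drop comment="drop everything else (incl. ping from WAN)"
# --- forward chain: traffic passing through the router to/from LAN hosts ---
add chain=forward connection-state=established action=accept comment="accept established"
add chain=forward connection-state=related action=accept comment="accept related"
add chain=forward connection-state=invalid action=drop comment="drop invalid"
# Outbound VPNs started by LAN hosts (e.g. IPsec UDP 500/4500, PPTP TCP 1723) are
# covered here; their replies come back as established/related.
add chain=forward in-interface=bridge1 src-address=192.168.0.0/24 connection-state=new action=accept comment="LAN may open new connections outward"
add chain=forward in-interface=ether1 connection-state=new action=log log-prefix="DROP FWD" comment="log unsolicited WAN->LAN attempts"
add chain=forward action=drop comment="drop everything else"
```

Any dst-nat port forward (like Pilgrim's FTP rule) needs its own forward-chain accept placed before the final drop, otherwise the translated packet is dropped there.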

Well, I was successful in upgrading the router today from 3.23 to 3.28. All went smoothly and I didn’t have to restore my configuration :wink: That’s a plus! However, I can now check the temp of the device and I noticed the router runs at pretty high temps, 63C. I assume this is common for this router? I also noticed under ‘Resources’, the ‘Bad Blocks’ value=11. Should I be concerned about this? Is this common?