IP clud update

I need help with firewall rule for IP cloud update.
Currently my Firewall is like this:

/ip firewall filter
add action=reject chain=forward comment="1.0 Reject VPN Access from WiFi" disabled=yes dst-address-list=Private_Networks reject-with=icmp-network-unreachable \
    src-address-list=Wireless_Networks
add action=accept chain=input comment="2.1 Allow New Connection to MTK from LAN" connection-state=new src-address-list=Private_Networks
add action=accept chain=input comment="2.4 Allow Established and Related Connection to MTK from LAN" connection-state=established,related src-address-list=\
    Private_Networks
add action=accept chain=input comment="Allow IP Cloud" in-interface=ether1 protocol=udp src-port=15252
add action=accept chain=input comment="2.2 Allow Winbox" dst-port=8291 protocol=tcp
add action=accept chain=input comment="2.2 Allow_ICMP" connection-state=established,new protocol=icmp
add action=drop chain=input comment="2.5 Drop All Input to MTK"

but IP cloud update is not working. If I disable Drop All everything Works, but I rather wouln’t disable it.

First of all: the firewall filter rules are WTF.

Second: the firewall rule you have to allow cloud updates is weird … it just allows any UDP connection to RB originating from port 15252 … regardless the source address and, more importantly, regardless of who initiated the connection (and for this particular service, connection initiator should be your router). SOHO default firewall has rule “chain=input action=accept connection-state=established,related” and that’s proper way of dealing with connections initiated by router itself.