Local traffic ignores prerouting?

1.
/ip firewall mangle
add action=mark-routing chain=prerouting dst-address-list=blocked new-routing-mark=vpn passthrough=yes
2.
add some_addr to the blocked list
3.
ping some_addr from the router's SSH session

But the packet counter is not increased in the web interface :frowning: Why?

Do you have the IP firewall enabled for the bridge? If not, then all traffic on the same subnet will simply pass through as layer 2 traffic and bypass the firewall completely if I’m not mistaken.

Local traffic uses chain=output, as you can see here: https://wiki.mikrotik.com/wiki/Manual:Packet_Flow#Routing_Diagram

Thank you, but it's very hard to understand this diagram in the evening :slight_smile:
How do I route a ping from the MikroTik out through another interface for some addresses in this case?

It’s probably easier when you know that:

I = incoming traffic from elsewhere
J = local process on router (incoming traffic)
K = local process on router (outgoing traffic)
L = outgoing traffic to elsewhere

In your case it should be enough to change chain from prerouting to output.
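As an added illustration of Sob's answer (not part of the original thread, and not MikroTik's own example), here is the OP's rule moved from chain=prerouting to chain=output, together with the pieces needed to actually see the counter move: a constructed test address in the list, a route for the routing mark, a ping from the router itself and a counter check. The address 192.0.2.10, the interface name vpn-out and the RouterOS v6 route syntax are assumptions.

```routeros
# Added example, not from the original post. Names and addresses are assumed.

/ip firewall address-list
add list=blocked address=192.0.2.10 comment="constructed test address"

/ip firewall mangle
# Original rule: prerouting only sees traffic that enters the router from
# elsewhere (I in the packet flow diagram). The router's own ping never
# traverses it, so its counter stays at 0.
#add action=mark-routing chain=prerouting dst-address-list=blocked new-routing-mark=vpn passthrough=yes

# Corrected rule: locally generated traffic (K) goes through chain=output,
# and mark-routing there triggers the routing adjustment to the marked table.
add action=mark-routing chain=output dst-address-list=blocked new-routing-mark=vpn passthrough=yes comment="router-originated traffic to blocked hosts goes via VPN"

# A routing mark does nothing without a route in that table.
# RouterOS v6 syntax; vpn-out is an assumed interface name.
/ip route
add dst-address=0.0.0.0/0 gateway=vpn-out routing-mark=vpn

# Test from the router's own CLI, then confirm the output rule counted the packets.
/ping 192.0.2.10 count=3
/ip firewall mangle print stats where chain=output
```

On RouterOS v7 the route line uses routing-table=vpn instead of routing-mark=vpn, and the table has to exist first (/routing table add name=vpn fib). If the counter increases but no reply comes back, check which source address the router put on the marked packet, since that was chosen at the first routing decision; the ping command's src-address= parameter lets you pin it to the VPN interface address while testing.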

Thank you, Sob!

Anybody else want the T-shirt??
On the back it will say: Sob Knows Shit