MikroTiks Blocking Functionality on certain websites

/ip firewall filter
:do { add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=ether1-WAN dst-port=80 comment="allow webfig" }\
 on-error={ add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=all-ethernet dst-port=80 comment="allow webfig" }
:do { add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=ether1-WAN dst-port=8291 comment="allow winbox" }\
 on-error={ add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=all-ethernet dst-port=8291 comment="allow winbox" }
:do { add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=ether1-WAN dst-port=21 comment="allow ftp" }\
 on-error={ add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=all-ethernet dst-port=21 comment="allow ftp" }
:do { add chain=input action=accept protocol=tcp src-address-list=Placeholder in-interface=ether1-WAN dst-port=161 comment="allow snmp" }\
 on-error={ add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=all-ethernet dst-port=161 comment="allow snmp" }
:do { add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=ether1-WAN dst-port=8728 comment="allow api" }\
 on-error={ add chain=input action=accept protocol=tcp src-address-list=Placeholder  in-interface=all-ethernet dst-port=8728 comment="allow api" }
:do { add action=accept chain=input comment="accept ICMP" protocol=icmp src-address-list=Placeholder  }\
on-error={ [] }
:do { add action=drop chain=forward comment="deny intervlan traffic" in-interface=!ether1-WAN out-interface=all-vlan }\
on-error={ [] }
:do { add action=accept chain=input comment="accept established,related" connection-state=established,related }\
on-error={ [] }
:do { add action=fasttrack-connection chain=forward comment="fasttrack" connection-state=established,related }\
on-error={ [] }
:do { add action=accept chain=forward comment="accept established,related" connection-state=established,related }\
on-error={ [] }
:delay 1
:do { add action=drop chain=input comment="drop all management from WAN" protocol=tcp in-interface=ether1-WAN }\
on-error={ add action=drop chain=input comment="drop all management from WAN" in-interface=all-ethernet }
:do { add action=drop chain=forward comment="drop invalid packets" connection-state=invalid  }\
on-error={ [] }
:do { add action=drop chain=forward connection-nat-state=!dstnat comment="drop all from WAN not DSTNATed" connection-state=new in-interface=ether1-WAN }\
on-error={ [] }

So this is our firewall (We inherited this site from a different company.) As it stands these MikroTiks were previously compromised and we got them back. A recent issue at this property we’ve been experiencing is that it does not allow certain connections. When someone tries to log into their bank it will error out but they could get to the website’s landing page just fine. On other websites they could browse the pages normally but cannot load livestream videos. Any help or insight would be appreciated.

The error one of the tenants gets when they try to connect to nsecu.org is “The requested url was rejected. Please consult with your administrator” id 10250750231298463641

Your client or network is considered bad to F5 Networks Application Security Manager (ASM) which is what is generating this message. Most likely because the poor firewall config let your Mikrotiks be infected and part of a botnet, so now your IP is blacklisted by certain vendors. Change IP / ISP.

Got this reply ten minutes after my last reply. Darn should’ve checked here. I discovered this for myself. This did happen to be the case. Thanks though!