Is firewall Connection Tracking or NAT in any way linked to the upstream interface in RouterOS?
I mean, we plan to multihome with ISP1 and ISP2 and announce the same /24 to both ISPs, and want to srcnat outbound traffic from a private network behind one of the public addresses in the /24.
Default gateway is via ISP1, which is the main uplink we use, but based on BGP I assume it may happen that a reply to an outbound session via ISP1 finds its way back via ISP2 instead.
I have seen the documentation about rp-filter and ensured it is left at ‘no’.
Will this work, or is anything in the firewall expecting fully symmetric routing that would break this?
You should use 2 routers for that: one that does the external BGP and runs without connection tracking and NAT, then another one behind that to do your NAT and other firewalling, maybe your PPPoE etc.
Combining that in a single router will cause issues, as you correctly point out.
When using Border Gateway Protocol (BGP), the inbound traffic to the router will always prefer the nearest route.
But you can actually use route filters (AS Prepend) to increase the traffic to ISP1/ISP2 (as per your wish).