Problem with portscan detection

Hi all.
I try configure basic setup for port scan detection (too protect customers) with http://wiki.mikrotik.com/wiki/Drop_port_scanners.

What happens is that some off ours public IP address are detected as port scaner…
Our users is connected with PPPoE.

Is that normal?

Yes, that can be normal. To prevent that, create an accept rule before the port scanner rules. Use an access list to add the IP address that you don’t want to process.