Hi,
What is the simplest way to make sure I can admin the routerboard only via IP’s in a safe list?
Regards
Richy
Put those ip addresses into each service, disable all other services and implement firewall with general drop rule on the end of each chain explicitly enabling only what you need by rules above that.
Is that under
Ip / services?
Then just add in network ranges?
Then what would the firewall rule look like to drop connections?
Dont want to get it wrong then lock myself out 
Richy
You can do what Jarda said or you can just simply add network address under ip/services/winbox. After that, only address/address range will have access to router.
If you’re doing that remotely, enter Safe Mode first so that if you accidentally lock you out, those changes are rolled back.
Don’t forget to exit safe mode properly if everything works, as if you intentionally log out with safe mode on changes would be rolled back.