Tel me what the error in my firewall filter and Nat and mangle
Please help me and what the bad rule and tell me the good rules
[admin@mikrotik] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Drop Blaster Worm
chain=virus protocol=tcp dst-port=135-139 action=drop 1 ;;; Drop Messenger Worm
chain=virus protocol=udp dst-port=135-139 action=drop
2 ;;; Drop Blaster Worm
chain=virus protocol=tcp dst-port=445 action=drop
3 ;;; Drop Blaster Worm
chain=virus protocol=udp dst-port=445 action=drop
4 ;;; ________
chain=virus protocol=tcp dst-port=593 action=drop
5 ;;; ________
chain=virus protocol=tcp dst-port=1024-1030 action=drop
6 ;;; Drop MyDoom
chain=virus protocol=tcp dst-port=1080 action=drop
7 ;;; ________
chain=virus protocol=tcp dst-port=1214 action=drop
8 ;;; ndm requester
chain=virus protocol=tcp dst-port=1363 action=drop
9 ;;; ndm server
chain=virus protocol=tcp dst-port=1364 action=drop
10 ;;; screen cast
chain=virus protocol=tcp dst-port=1368 action=drop
11 ;;; hromgrafx
chain=virus protocol=tcp dst-port=1373 action=drop
12 ;;; cichlid
chain=virus protocol=tcp dst-port=1377 action=drop
13 ;;; Worm
chain=virus protocol=tcp dst-port=1433-1434 action=drop
14 ;;; Bagle Virus
chain=virus protocol=tcp dst-port=2745 action=drop
15 ;;; Drop Dumaru.Y
chain=virus protocol=tcp dst-port=2283 action=drop
16 ;;; Drop Beagle
chain=virus protocol=tcp dst-port=2535 action=drop
17 ;;; Drop Beagle.C-K
chain=virus protocol=tcp dst-port=2745 action=drop
18 ;;; Drop MyDoom
chain=virus protocol=tcp dst-port=3127-3128 action=drop
19 ;;; Drop Backdoor OptixPro
chain=virus protocol=tcp dst-port=3410 action=drop
20 ;;; Worm
chain=virus protocol=tcp dst-port=4444 action=drop
21 ;;; Worm
chain=virus protocol=udp dst-port=4444 action=drop
22 ;;; Drop Sasser
chain=virus protocol=tcp dst-port=5554 action=drop
23 ;;; Drop Beagle.B
chain=virus protocol=tcp dst-port=8866 action=drop
24 ;;; Drop Dabber.A-B
chain=virus protocol=tcp dst-port=9898 action=drop
25 ;;; Drop Dumaru.Y
chain=virus protocol=tcp dst-port=10000 action=drop
26 ;;; Drop MyDoom.B
chain=virus protocol=tcp dst-port=10080 action=drop
27 ;;; Drop NetBus
chain=virus protocol=tcp dst-port=12345 action=drop
28 ;;; Drop Kuang2
chain=virus protocol=tcp dst-port=17300 action=drop
29 ;;; Drop SubSeven
chain=virus protocol=tcp dst-port=27374 action=drop
30 ;;; Drop PhatBot, Agobot, Gaobot
chain=virus protocol=tcp dst-port=65506 action=drop
31 ;;; jump to the virus chain
chain=forward action=jump jump-target=virus
32 ;;; Port scanners to list
chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w
33 ;;; NMAP FIN Stealth scan
chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
34 chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w
35 ;;; SYN/FIN scan
chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w
36 ;;; SYN/RST scan
chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w
37 ;;; FIN/PSH/URG scan
chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
38 ;;; ALL/ALL scan
chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
39 ;;; NMAP NULL scan
chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
40 ;;; dropping port scanners
chain=input src-address-list=port scanners action=drop
41 X ;;; Port scanners to list
chain=forward protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w
42 ;;; NMAP FIN Stealth scan
chain=forward protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
43 chain=forward protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w
44 ;;; SYN/FIN scan
chain=forward protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w
45 ;;; SYN/RST scan
chain=forward protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list
address-list=port scanners address-list-timeout=2w
46 ;;; FIN/PSH/URG scan
chain=forward protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
47 ;;; ALL/ALL scan
chain=forward protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
48 ;;; NMAP NULL scan
chain=forward protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
action=add-src-to-address-list address-list=port scanners address-list-timeout=2w
;;; dropping port scanners
chain=forward src-address-list=port scanners action=drop
chain=forward protocol=tcp action=jump jump-target=restrict-tcp
chain=forward protocol=udp action=jump jump-target=restrict-udp
chain=forward action=jump jump-target=restrict-ip
chain=restrict-tcp connection-mark=auth action=reject
reject-with=icmp-network-unreachable
;;; anti-spam policy
chain=restrict-tcp connection-mark=smtp action=jump jump-target=smtp-first-drop
chain=smtp-first-drop src-address-list=first-smtp action=add-src-to-address-list
address-list=approved-smtp address-list-timeout=5s
chain=smtp-first-drop src-address-list=approved-smtp action=return
chain=smtp-first-drop action=add-src-to-address-list address-list=first-smtp
address-list-timeout=5s
chain=smtp-first-drop action=reject reject-with=icmp-network-unreachable
chain=restrict-tcp connection-mark=other-tcp action=jump jump-target=drop
chain=restrict-udp connection-mark=other-udp action=jump jump-target=drop
chain=restrict-ip connection-mark=other action=jump jump-target=drop
;;; drop all p2p
chain=forward packet-mark=p2p time=0s-0s,sat,fri,thu,wed,tue,mon,sun action=drop
;;; drops all TCP packets that are destined to port 135 and going through the router
chain=forward protocol=tcp dst-port=135 action=drop
[admin@mikrotik] ip firewall nat> print
chain=srcnat out-interface=Public src-address=10.90.40.0/24 action=masquerade
chain=srcnat out-interface=Public src-address=192.168.10.0/24 action=masquerade
chain=dstnat in-interface=Lan src-address=10.90.40.0/24 protocol=tcp dst-port=80
action=redirect to-ports=3128
chain=dstnat in-interface=Pppoe Server src-address=192.168.10.0/24 protocol=tcp
dst-port=80 action=redirect to-ports=3128
[admin@mikrotik] > ip firewall mangle print
chain=postrouting out-interface=Lan dst-address=10.90.40.0/24 action=mark-packet
new-packet-mark=data down passthrough=no
;;; UP TRAFFIC / Traffic #1 and #3
chain=prerouting in-interface=Lan src-address=10.90.40.0/24 action=mark-packet
new-packet-mark=test-up passthrough=no
;;; conn-mark
chain=forward src-address=10.90.40.0/24 action=mark-connection
new-connection-mark=test-conn passthrough=yes
;;; DOWN-DIRECT CONNECTION / Traffic #2
chain=forward in-interface=Public connection-mark=test-conn action=mark-packet
new-packet-mark=test-down passthrough=no
;;; DOWN-VIA PROXY / Traffic #4
chain=output out-interface=Lan dst-address=10.90.40.0/24 action=mark-packet
new-packet-mark=test-down passthrough=no
chain=prerouting action=mark-packet new-packet-mark=all passthrough=no