Hi all,
sorry fo my english.
I have a problem.
There was a gateway with Linux at address 10.2.1.1 and then in its place takes mikrotik, and the server has the address of 10.2.1.100, but there are many necessary services. How to throw all traffic, except for a few ports, coming in at 10.12.1.0 to 10.2.1.100?
I guess you mean that you want some natting towards an internal ip from external.
You should go to ip firewall nat
And add a dst-nat rule.
/ip firewall nat
add chain=dstnat dst-address=10.2.1.100 action=dst-nat to-addresses=10.12.1.x