Here is the bible on assigning vlans - http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1
Easiest approach in the forward chain of firewall rules
is to put a drop all else rule at the end and then above that you only need to add traffic you want to ALLOW/ACCEPT, after the default rules but before the drop rule.
Everything else gets dropped.
Once you have hoisted this in. post the full config for review/discussion, not snippets.
/export file=anynameyouwish ( minus router serial number, any public WANIP information, keys etc. )