Because I am using the Mikrotik to protect several public ranges I've also got a block everything on the forward chain except from what I list.
I've got that working as it should and it blocks everything i did not list, although I've stumbled into a problem. I've got an Openvpn server behind the Mikrotik which I've opened the openvpn ports to and I can connect to it just fine.
The only problem is that I can't reach any internal ranges behind the openvpn server, until i disable the block all rule in the forwarding chain. I've also put in an address list to allow everything on tcp/udp on the internal ranges but it still doesn't seem to work, only when I disable the blocking rule on the forwarding chain which is not an option as it leaves all the servers unprotected.