Hi Steve,
Here is the preferred output from the firewall rule-set.
# RouterOS firewall filter export. Rules are evaluated top to bottom within each
# chain and the first terminating match (accept/drop) ends processing, so the
# relative order inside a chain is significant. This export contains no catch-all
# drop for chain=forward, nor for chain=input on non-WAN interfaces; traffic that
# matches no rule there is accepted by default.
/ip firewall filter
# --- input: detection rules (add-src-to-address-list is non-terminating) ---
# Lists a source for 30 minutes once it has more than 30 TCP connections (per /32)
# and sends a packet with SYN set.
# NOTE(review): neither this rule nor the Syn_Flooder drop below has an in-interface
# matcher, so internal hosts are counted and dropped as well; a busy LAN client
# could lose access to the router. Consider scoping both to the WAN interface.
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
# psd = weight threshold 21, delay threshold 3s, low-port weight 3, high-port weight 1.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
# The flag-combination rules below list a source after a single packet whose TCP
# flags match ("!" means the flag must be clear).
# NOTE(review): a single packet's source address is not authenticated, so an
# unrelated address can end up listed; with a two-week timeout that is long-lived.
# Consider a shorter timeout and an explicit accept for known management/VPN peers
# placed ahead of the "dropping port scanners" rule.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# --- input: enforcement of the two lists ---
# Listed scanners are dropped only when they arrive on the WAN interface.
add action=drop chain=input comment="dropping port scanners" in-interface=vDSL-Telematika src-address-list="port scanners"
# Listed SYN flooders are dropped on every interface (no in-interface matcher).
add action=drop chain=input comment="Drop to syn flood list" src-address-list=Syn_Flooder
# All ICMP addressed to the router, from any interface, is decided in the ICMP
# chain; that chain ends in a drop, so no ICMP returns to the rules below.
add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP protocol=icmp
# --- input: VPN endpoints reachable from WAN ---
add action=accept chain=input comment=IP-Sec connection-state=new in-interface=vDSL-Telematika protocol=ipsec-esp
# UDP 500 = IKE, 4500 = IPsec NAT-T, 1701 = L2TP.
# NOTE(review): 1701 is accepted from WAN without requiring IPsec. If L2TP is only
# meant to run inside IPsec, move 1701 to its own rule with ipsec-policy=in,ipsec so
# unencrypted L2TP is not exposed — confirm against the VPN setup, which is not
# part of this export.
add action=accept chain=input comment=IP-Sec connection-state=new dst-port=500,1701,4500 in-interface=vDSL-Telematika protocol=udp
# Return traffic for connections the router itself takes part in. It sits below the
# detection rules, so every such packet is evaluated against them first.
add action=accept chain=input comment="Accept established and related packets" connection-state=established,related in-interface=vDSL-Telematika
# --- forward: internal segments ---
# Everything entering from the bridge and the two WLAN VLANs is forwarded.
# connection-state="" appears to be an empty matcher (no state restriction) — TODO
# confirm on the running RouterOS version.
# NOTE(review): these accepts precede the forward "drop invalid" rule, so
# invalid-state packets from these interfaces are forwarded too. Placing the
# invalid drop first would close that gap.
add action=accept chain=forward connection-state="" in-interface=bridge
add action=accept chain=forward connection-state="" in-interface=vlan_WLAN_Manuel
add action=accept chain=forward connection-state="" in-interface=vlan_WLAN_Renate
# --- ICMP chain (entered from input and from output) ---
# Echo request: 1 packet per second with a burst of 5; the excess falls through to
# the final drop of this chain.
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" icmp-options=8:0 limit=1,5 protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=icmp
# Type 3 codes 0-1 only (network/host unreachable).
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 protocol=icmp
# Type 3 code 4 (fragmentation needed), required for path MTU discovery.
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
# The router's own outgoing ICMP passes through the same chain, so its echo
# requests share the 1/s limit and types not accepted above (for example port
# unreachable, 3:3) are never sent.
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP protocol=icmp
# --- forward: remaining traffic (i.e. not from bridge / the two WLAN VLANs) ---
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# NOTE(review): the comment says "from WAN", but the rule has no in-interface or
# in-interface-list matcher (the stock defconf rule uses in-interface-list=WAN), so
# it drops new, non-dstnat connections from every interface not accepted above.
# That is stricter than the comment states; add the matcher or correct the comment.
# NOTE(review): there is no explicit established/related accept in forward; return
# traffic from WAN passes only because nothing matches it and the chain default is
# accept. An explicit accept plus a final drop would make the intent visible.
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new
# --- input: WAN clean-up ---
add action=drop chain=input comment="Drop invalid packets" connection-state=invalid in-interface=vDSL-Telematika
# The next two rules are subsumed by the final WAN drop; they only separate the
# counters for these cases.
add action=drop chain=input comment="Drop all packets which are not destined to routes IP address" dst-address-type=!local in-interface=vDSL-Telematika
add action=drop chain=input comment="Drop all packets which does not have unicast source IP address" in-interface=vDSL-Telematika src-address-type=!unicast
# Final rule for WAN input ("Alles von WAN verwerfen" = "drop everything from WAN").
add action=drop chain=input comment="Alles von WAN verwerfen" in-interface=vDSL-Telematika