jbar
just joined
Topic Author
Posts: 9
Joined: Sun Nov 12, 2017 8:46 pm

How specific do you make your FW rules?

Fri Jul 06, 2018 11:26 pm

Hey everyone, I've always used either firewalls in AWS/Azure or something simple for a SOHO. I have a web app sitting behind my Mikrotik, and after setting up the Firewall rules, reading a few books, just wondered if I am making my life difficult or going down the right approach.

Current setup

2 WANs; everything incoming is blocked except ports 80 and 443.
Downloaded a few blacklist scripts to block those IPs for all incoming, forwarded or outgoing traffic.
Blocking port scanning attempts.
Outgoing on the WANs have port 443 open, and DNS is restricted to only the DNS servers I picked.
All new connections are logged via syslog to an offsite location.
1 DMZ network, and 1 vlan network on another switch. That vlan only accepts incoming connections from the DMZ on one port. Outgoing on the vlan is restricted to just DNS.

After setting this up and testing it, I realize I have over 30 rules. If there was a SRC/DST port list I think I could cut the rules down some. Since none of my local networking friends use MikroTik, I figured I would ask you guys: in a production environment, how many rules do you end up with, and when is it being too specific or just too much?
 
Steveocee
Forum Guru
Posts: 1120
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK

Re: How specific do you make your FW rules?

Sat Jul 07, 2018 10:55 pm

I take a very simple approach.
Block everything, allow only what you want.

You can cut the rules down by comma-separating your TCP ports and UDP ports, but it's only worth doing on low-powered devices, as the separation will show you what ports are getting hit.
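A compact default-deny ruleset in the style described above, as an added example that is not from this thread or from MikroTik's own documentation. It assumes an interface list named WAN, address lists named blacklist and dns-servers, a DMZ subnet 192.168.10.0/24 and a web server at 192.168.10.10 that is already dst-nat'ed from the WAN; the single 80,443 rule shows the comma-separated form and its trade-off.

```routeros
# Added example, not configuration from the thread. Assumed names: interface
# list "WAN", address lists "blacklist" and "dns-servers", DMZ 192.168.10.0/24,
# web server 192.168.10.10 (dst-nat from the WAN assumed to exist already).
/ip firewall address-list
add list=dns-servers address=9.9.9.9 comment="constructed sample resolver"
add list=dns-servers address=149.112.112.112 comment="constructed sample resolver"

/ip firewall filter
# --- input chain: traffic to the router itself ---
add chain=input action=accept connection-state=established,related comment="accept established/related"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=drop in-interface-list=WAN src-address-list=blacklist comment="drop blacklisted sources"
add chain=input action=accept in-interface-list=!WAN comment="management only from inside"
add chain=input action=log log-prefix="input-drop" in-interface-list=WAN connection-state=new comment="log new WAN hits before dropping"
add chain=input action=drop comment="default deny on input"

# --- forward chain: traffic through the router ---
add chain=forward action=accept connection-state=established,related comment="accept established/related"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
add chain=forward action=drop src-address-list=blacklist comment="drop blacklisted sources"
add chain=forward action=drop dst-address-list=blacklist comment="drop outbound to blacklisted hosts"
# One rule with a comma-separated port list replaces two rules (80 and 443).
# Trade-off: a single packet/byte counter, so the per-port hit count is lost.
add chain=forward action=accept in-interface-list=WAN protocol=tcp dst-address=192.168.10.10 dst-port=80,443 connection-state=new comment="web app from WAN (80,443)"
# DMZ egress limited to DNS toward the chosen resolvers only (UDP and TCP 53).
add chain=forward action=accept src-address=192.168.10.0/24 out-interface-list=WAN protocol=udp dst-address-list=dns-servers dst-port=53 comment="DMZ DNS (udp)"
add chain=forward action=accept src-address=192.168.10.0/24 out-interface-list=WAN protocol=tcp dst-address-list=dns-servers dst-port=53 comment="DMZ DNS (tcp)"
add chain=forward action=log log-prefix="fwd-drop" connection-state=new comment="log anything that falls through"
add chain=forward action=drop comment="default deny on forward"
```

If you want the per-port visibility back without extra rules, keep the combined rule and use the log line above (or the connection tracking table) to see which port a dropped or accepted connection was aimed at.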
 
eXS
newbie
Posts: 47
Joined: Fri Apr 14, 2017 4:01 am

Re: How specific do you make your FW rules?

Sun Jul 08, 2018 3:30 am

I get very specific, and 30 rules isn't even worth the post :)
 
jbar
just joined
Topic Author
Posts: 9
Joined: Sun Nov 12, 2017 8:46 pm

Re: How specific do you make your FW rules?

Sun Jul 08, 2018 11:19 pm

> I take a very simple approach.
> Block everything, allow only what you want.
>
> You can cut the rules down by comma separating your TCP ports and UDP ports but it's only worth doing on low powered devices as the separation will show you what ports are getting hit.

OHHH I can!

Great, so 30 is not a crazy amount; that is good to hear. I thought I was going overboard, but it sounds like these FWs can handle it.
 
karlisi
Member
Posts: 438
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: How specific do you make your FW rules?

Tue Jul 10, 2018 10:51 am

I have from 9 to 60 rules on different sites, it depends. 30 rules for 2 WANs is not so much, I think.
