I'm relatively new to mikrotik, and i'm trying to limit access on a one to one NAT
mikrotik global IP: x.x.x.1
host global IP: x.x.x.2
mikrotik internal IP: x.x.x.1
host internal IP: a.a.a.2 (let's say this is web server, so i want to allow https to come in)

i have:
chain=dstnat action=dst-nat to-addresses=a.a.a.2 dst-address=x.x.x.2
chain=srcnat action=src-nat to-addresses=x.x.x.2 src-address=a.a.a.2

so my next challenge is, how do i ONLY allow outside https request through?
i still want the internal host to go out unrestricted.

one solution is to limit the dstnat,
is that best practice? i would think that there's a way to do it through filter vs nat.

Thanks in advance!