I want to be able to access winbox in the following ways:
1) Remotely
2) From within VLAN 10
So I add the following rules to filter:
/ip firewall filter add action=accept chain=input disabled=no dst-port=8291 in-interface=pppoe-out protocol=tcp
/ip firewall filter add action=drop chain=input disabled=no dst-port=8291 in-interface=!vlan-10 protocol=tcp
So the first rule will accept packets coming from the internet (interface pppoe-out) destined for port 8291.
The second rule will drop whatever packets are not coming from vlan 10. Pretty straightforward.
But now the complicated part that I have been cracking my head over for several hours now. I am accessing the internet from within VLAN 60. My understanding is that I should still be able to access winbox REMOTELY. However, the firewall is dropping my packets because by trying to access winbox, I am not going in from in-interface=pppoe-out but from in-interface=vlan60.
How can I add a rule that generally allows remote connection?
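
The behaviour described in the post, as an added example that is not part of the original post and is not RouterOS code: a small Python model of first-match evaluation on the input chain, fed the two rules exactly as posted. It models only the three matchers the post uses; the extra vlan60 rule at the end is a hypothetical addition shown for comparison.

```python
# Added illustration: first-match evaluation of the two posted input-chain rules.
# Only in-interface, protocol and dst-port are modelled; nothing else is.

RULES = [  # parameters copied from the post
    "action=accept chain=input disabled=no dst-port=8291 in-interface=pppoe-out protocol=tcp",
    "action=drop chain=input disabled=no dst-port=8291 in-interface=!vlan-10 protocol=tcp",
]

# Hypothetical rule (an assumption, not from the post): accept winbox from vlan60.
EXTRA_VLAN60 = "action=accept chain=input disabled=no dst-port=8291 in-interface=vlan60 protocol=tcp"

MATCHERS = ("in-interface", "protocol", "dst-port")


def parse_rule(line):
    """Split the 'key=value' parameters of one rule into a dict."""
    return dict(param.split("=", 1) for param in line.split())


def field_matches(pattern, value):
    """Compare one matcher; a leading '!' negates it, as in in-interface=!vlan-10."""
    if pattern.startswith("!"):
        return value != pattern[1:]
    return value == pattern


def evaluate(rule_lines, packet, chain="input"):
    """Return (action, rule_index) of the first matching rule, or ('accept', None)."""
    for index, line in enumerate(rule_lines):
        rule = parse_rule(line)
        if rule.get("chain") != chain or rule.get("disabled") == "yes":
            continue
        if all(field_matches(rule[k], packet[k]) for k in MATCHERS if k in rule):
            return rule["action"], index
    return "accept", None  # no rule matched, so the packet is accepted


def winbox_packet(in_interface):
    """Constructed sample packet: TCP to port 8291 arriving on the given interface."""
    return {"in-interface": in_interface, "protocol": "tcp", "dst-port": "8291"}


if __name__ == "__main__":
    for iface in ("pppoe-out", "vlan-10", "vlan60"):
        print(iface, evaluate(RULES, winbox_packet(iface)))
    # With the hypothetical rule placed before the drop rule:
    print("vlan60 +extra", evaluate([RULES[0], EXTRA_VLAN60, RULES[1]], winbox_packet("vlan60")))
```

A connection from a VLAN 60 host reaches the input chain with in-interface=vlan60 even when it is addressed to the router's public address, so it falls through the pppoe-out rule and hits the !vlan-10 drop.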