Let me start by introducing myself.
My name is Karl, and I am from South Africa. I am a seasoned MikroTik installer/programmer/whatever I can get it to do guy. I have been referring back to these forums often for help when I start scratching my head, so thanks to all of you for the bits of info that point me in the right direction when I hit my head on a wall.
I have created a Firewall Filter that blocks incoming ports 1-1024; however, I have added a backdoor rule in the NAT section to use port xxxx to point to Port 80 on 192.168.x.x on Ether2.
My NAT rule works fine, until I enable the Firewall Filter rule. Then it dies. I still have access to Port 80 on 192.168.1.1 from any of my four subnets on Eth2-5.
Here are my rules...
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=xxxx in-interface=PPPoE action=dst-nat to-addresses=192.168.1.1 to-ports=80
This rule works fine to port forward xxxx to 192.168.1.1:80 on Eth2.
/ip firewall filter
add chain=input protocol=tcp dst-port=1-1024 in-interface=PPPoE action=reject
This rule is blocking all incoming connections on ports 1-1024.
Together, the NAT rule fails.