I have a routerboard that I would like to setup as a firewall between my lan and my workstation. I want to filter traffic coming from the lan and from the internet to this machine. I would like to keep everything on the same subnet . I have been playing with bridge mode and using the ip firewall setting enabled but it does not seem to do what I want or I am missing something.



network 192.168.0.0/24 ----> Routerboard eth1 <--Bridge1 192.168.0.15/24--> Routerboard eth2 ----> my workstation 192.168.0.20/24.

For examples sake I would like ssh from my LAN to pass and http from the Internet only (not from LAN). My firewall currently passes http to my workstation.

Hopefully this is enough to understand what I am trying to accomplish.

I have done this once using mangle rules first, so: Basically you wouldn't need to specify the rule of accepting the ssh packet since bridge will pass any packet.
But I added it there just for the example. Better approach would have been of allowing what you want, and drop
everything else.

That actually is exactly what I want to do. Drop everything and only allow a few things. Does the option for use ip firewall need to be set to yes for the bridge mode? I tried your settings and although they work I still see other services when I NMAP from the LAN. I added a drop at the end of the list for the bridge filter and nothing is passing now.

Yes, you need to set bridge to use firewall filter.
But I took that for granted since you have mentioned it yourself,
so I didn't put it in the settings.
It should work that way. If you are going to allow some services, and
drop everything else, remember to mark packets of everything else as well.
Then use that packet mark in the filter.