I have a fully redundant network consisting of 2x RB1100AHx2. Being fully redundant implies a network loop and the use of RSTP, which in turn implies the use of a bridge where switching otherwise would have been sufficient. (And I love the bypass functionality!)
The RBs are set up as master/standby using VRRP on the lan-bridge.
There is only one public IP range on each internet access, and some servers in the DMZ cannot be behind NAT, hence there is a wan-bridge and it needs to be firewalled. So the firewall is enabled for bridges.
Now the issue: when the firewall is enabled for bridges, so is NAT!
With the switch loop there are some packets towards the master router that pass through the slave. The issue is that the slave applies the NAT table to these packets, with the result that they are routed through the slave rather than the master, or they arrive at the master with the wrong dst/src IP.
My question is: how can I apply the firewall filter table to the bridge without applying the NAT table?
OR: how can I apply the firewall to only the one bridge where it's required, and not to the other bridges?
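Added example (not part of the post or of any reply in the thread): a RouterOS CLI fragment that puts the global `use-ip-firewall` switch the post is about next to the per-bridge Layer-2 firewall (`/interface bridge filter`). The bridge filter takes `in-bridge`/`out-bridge` matchers, so rules can be scoped to a single bridge, and it never consults `/ip firewall nat`. Interface names, the VRID, and the addresses are assumed for illustration; 203.0.113.0/24 is documentation address space.

```routeros
# Assumed names (not from the post): wan-bridge = ether1 (uplink) + ether2 (DMZ),
# lan-bridge = ether3 + ether4. Addresses and VRID are made up for the example.

# Both bridges run RSTP so the redundant link between the two routers can be looped safely
/interface bridge
add name=wan-bridge protocol-mode=rstp
add name=lan-bridge protocol-mode=rstp

/interface bridge port
add bridge=wan-bridge interface=ether1
add bridge=wan-bridge interface=ether2
add bridge=lan-bridge interface=ether3
add bridge=lan-bridge interface=ether4

# VRRP master/standby on the LAN bridge (the second router uses a lower priority)
/interface vrrp
add name=vrrp-lan interface=lan-bridge vrid=10 priority=200
/ip address
add address=192.168.10.2/24 interface=lan-bridge
add address=192.168.10.1/32 interface=vrrp-lan

# The global switch: with use-ip-firewall=yes, frames that are only bridged through
# this box (e.g. DMZ traffic transiting the standby on its way to the master) are also
# run through /ip firewall filter, nat and mangle. It is all-or-nothing for every bridge.
/interface bridge settings
set use-ip-firewall=no

# Layer-2 bridge firewall: sees bridged frames only, can be limited to one bridge with
# in-bridge/out-bridge, and has no NAT stage. Note it is stateless (no connection tracking).
/interface bridge filter
add chain=forward in-bridge=wan-bridge mac-protocol=ip ip-protocol=tcp \
    dst-address=203.0.113.10/32 dst-port=443 action=accept comment="DMZ web server"
add chain=forward in-bridge=wan-bridge mac-protocol=ip ip-protocol=tcp \
    dst-address=203.0.113.0/24 dst-port=22 action=drop comment="no SSH from outside"
add chain=forward in-bridge=lan-bridge action=accept comment="lan-bridge: no L2 filtering"
```

Because the bridge filter is evaluated per bridge and before any routing decision, frames bridged across the standby are never rewritten by a srcnat/dstnat rule; the trade-off is that L2 rules cannot use connection state, so anything that needs `connection-state=established,related` still has to live in `/ip firewall filter` on the routed path.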