Hi
We use access lists & port knocking on external CCR. Internal fw netscreen has SQL open to world when we port knock on perimeter CCR.
Its very easy to delete move the wrong rules on Microtik.
I do put a comment on rules do not DELETE or Move but mistakes easy and effect could be disaster.
On Firewall Rules could you add one day right click rule, "LOCK"
So later move or delete a rule I would have to Unlock the Lock by right clicking the rule. "UNLOCK"
Would make me sleep at night and would help me fat finger mistakes ...
Cheers
Tony