I have basic firewall rules from First Time Configuration tutorial:
https://help.mikrotik.com/docs/spaces/R ... figuration



And now I'm wondering:
1) Should I have this first position "passthrough" or maybe it should be deleted? Does it make router less safe?
2) Is it necessary to extend these basic firewall rules or they are safe enough for typical user like me?
Maybe I should replace these tutorial ip firewall rules with default ip firewall rules? Probably there are more firewall rules in default config than in tutorial.

maybe it should be deleted?

The "D" in the flags column means it's a dynamic rule, created by the router when you add the fasttrack rule. If you try to delete it, the OS will give a complaint like "cannot remove builtin".

Does it make router less safe?

RouterOS wouldn't automatically add it if it did.

Is it necessary to extend these basic firewall rules or they are safe enough for typical user like me?

The defaults do cover all typical use cases.

A different perspective might help you sort this out.

Probably there are more firewall rules in default config than in tutorial.

Many more, yes.

(And that collection is partially outdated by 7.18, which added at least one more relative to the 7.15/16 prevalent when I began collecting defconfs.)

Thanks for reply. Just to be sure. Is it better to stay with these firewall rules which i attached as image or just reset router to default router configuration with default ip firewall rules (different that on my photo)?

Rule #8:

viewtopic.php?t=215004

just reset router to default router configuration

Yes. Building a firewall from scratch is either an educational exercise, a hold-my-beer stunt, or a sign that you're way up at the top end of the expertise curve.

And incidentally, I happened to have roached my RB4011 since my prior post, giving me the opportunity (hah!) to netinstall it and pull a fresh defconf. You can see the differences relative to 7.15.2 here. The biggest is the addition of the IPv6 fasttrack rule.