I have 2 rules like this to protect management ports (ROS management ports, as well as other dst-nat ports for devices on the network).
/ip firewall filter
add action=drop chain=input in-interface=ether1-ISP dst-port=20-55,80-445,2000,8022-8729 protocol=tcp src-address-list=!adminPublicIPs
/ip firewall filter
add action=drop chain=input in-interface=ether1-ISP dst-port=53,161,2000,8291-8729 protocol=udp src-address-list=!adminPublicIPs
2x questions:
1- Would it be more efficient (less router resource usage) if I were to add "connection-state=new" to these 2x rules?
2- If I did add "connection-state=new", are there any downsides or traffic that might be missed versus NOT having "connection-state=new"?
Thanks