Hello,
Staying at home since over a week I've been analyzing some things in my network and MikroTik as well. I've noticed that multicast packets do not enter the INPUT chain. Why?
There is for example UDP multicast 239.255.255.250:1900 (probably UPnP service) which is in the routable group of addresses. In the log I've got only:
RAW PREROUTING prerouting: in:ether1-WAN out:(unknown 0), src-mac --:--:--:--:--:--, proto UDP, 192.168.1.102:36927->239.255.255.250:1900, len 582
MANGLE PREROUTING prerouting: in:ether1-WAN out:(unknown 0), src-mac --:--:--:--:--:--, proto UDP, 192.168.1.102:36927->239.255.255.250:1900, len 582
My test router is open at all having just firewall rules for logging purpose:
chain=prerouting action=accept log=yes log-prefix="RAW PREROUTING" src-address-list=!Szymon-PC dst-address-list=!Szymon-PC
chain=prerouting action=accept src-address-list=!Szymon-PC dst-address-list=!Szymon-PC log=yes log-prefix="MANGLE PREROUTING"
chain=input action=accept src-address-list=!Szymon-PC dst-address-list=!Szymon-PC log=yes log-prefix="INPUT"
and the same for all chains at all steps (RAW, MANGLE, FILTER).
Szymon_PC is just the address list that contains IP address of my PC to not logging the traffic when using WinBox.