hagar83
just joined
Topic Author
Posts: 9
Joined: Thu Feb 02, 2012 9:08 pm

Block Traffic from source that is not on my network

Sat Jan 14, 2023 4:33 pm

Hi, I'm having a terrible maze finding a solution to stop and block traffic on my VPLS network.
In the picture you can see traffic from 172.31.3.209 to 172.30.255.33 on the DNS port. It seems to be a bogon IP, but I can't find a way to stop it.
If anyone could give me a guide to achieve what I'm looking for...
Thanks

[image attachment: screenshot of the traffic in question]
 
anav
Forum Guru
Posts: 19321
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Block Traffic from source that is not on my network

Sat Jan 14, 2023 4:46 pm

Post your complete config please.
/export file=anynameyouwish (minus router serial # and any public WAN IP information)
 
hagar83
just joined
Topic Author
Posts: 9
Joined: Thu Feb 02, 2012 9:08 pm

Re: Block Traffic from source that is not on my network

Sun Jan 15, 2023 10:00 pm

Sure.
 
anav
Forum Guru
Posts: 19321
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Block Traffic from source that is not on my network

Mon Jan 16, 2023 1:35 am

Interesting, complex setup, way over my head though...

Do you mean incoming traffic or outgoing traffic?
Okay, I see you use 172.16 traffic, so one has to be careful about any bogon rules... so you don't block your own traffic.

You need to note what all your LAN subnets are and remove any bogons on the list that may interfere.

So far I see (ones that will cause issues):
add address=10.0.0.0/8 list=BOGONS
add address=127.0.0.0/8 list=BOGONS (in general this is often used on the router and should be left alone)
add address=192.168.0.0/16 list=BOGONS
add address=172.16.0.0/12 list=BOGONS

So remove the ones above from your firewall address list.
Also make sure one of them doesn't hit the range of your actual WAN IP address schema; not likely, but you never know.

Your firewall rules are a mess and disorganized.
Suggest you simplify by removing all, putting back in the defaults,
and focusing on what user traffic should be allowed in the input chain (to the router)
and focusing on what user traffic should be allowed in the forward chain (LAN to LAN, LAN to WAN, etc.).

I don't use bogon rules in the firewall chain; I tend to put them in routes (blackhole, if I use them).

Like so:
/ip route
add blackhole disabled=no dst-address=0.0.0.0/8
add blackhole disabled=no dst-address=100.64.0.0/10
add blackhole disabled=no dst-address=169.254.0.0/16
add blackhole disabled=no dst-address=192.0.0.0/24
add blackhole disabled=no dst-address=192.0.2.0/24
add blackhole disabled=no dst-address=198.18.0.0/15
add blackhole disabled=no dst-address=198.51.100.0/24
add blackhole disabled=no dst-address=203.0.113.0/24
add blackhole disabled=no dst-address=224.0.0.0/3

Now, since the problem subnet is within one of the bogons which also covers your local subnet, just add a subnet that is more appropriate:

add blackhole disabled=no dst-address=172.30.0.0/16
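The post above makes one security-relevant point: a stock bogon list contains the RFC 1918 and loopback ranges, so applied blindly it drops the operator's own traffic, and the fix is to carve the operator's prefixes out of the list rather than to abandon bogon filtering. The following is an added example, not code from the thread or from MikroTik; it takes the bogon entries that appear in this thread, subtracts a set of local prefixes, and emits RouterOS address-list commands for what remains. The LOCAL prefixes are an assumption standing in for the OP's real export, which is not on the page; with 172.30.0.0/16 as the local network, the thread's source 172.31.3.209 lands in the carved remainder while the destination 172.30.255.33 does not.

```python
from ipaddress import ip_address, ip_network, collapse_addresses

# Bogon entries seen in the thread (the OP's address list plus anav's blackhole routes).
BOGONS = [
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24", "192.168.0.0/16",
    "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
]

# ASSUMPTION: stand-in for the operator's real subnets; the thread's export is not on the page.
LOCAL = ["172.30.0.0/16", "127.0.0.0/8"]


def overlapping(bogons, local):
    """Return the bogon entries that would also match the operator's own prefixes."""
    local_nets = [ip_network(x) for x in local]
    return [b for b in bogons if any(ip_network(b).overlaps(l) for l in local_nets)]


def carve(bogons, local):
    """Subtract every local prefix from every bogon prefix it overlaps and return the
    remaining prefixes, collapsed, as strings. A bogon fully covered by a local prefix
    disappears; a bogon that contains a local prefix is split around it."""
    remaining = []
    for b in bogons:
        pieces = [ip_network(b)]
        for l in (ip_network(x) for x in local):
            kept = []
            for p in pieces:
                if not p.overlaps(l):
                    kept.append(p)
                elif l.subnet_of(p):
                    kept.extend(p.address_exclude(l))  # yields nothing when l == p
                # else: l is a strict supernet of p, so p is entirely local and is dropped
            pieces = kept
        remaining.extend(pieces)
    return [str(n) for n in sorted(collapse_addresses(remaining))]


def covers(prefixes, addr):
    """True if addr falls inside any of the given prefixes."""
    a = ip_address(addr)
    return any(a in ip_network(p) for p in prefixes)


def render_routeros(prefixes, list_name="BOGONS"):
    """Emit RouterOS address-list commands for the carved prefixes."""
    return [f"/ip firewall address-list add address={p} list={list_name}" for p in prefixes]


if __name__ == "__main__":
    print("entries that collide with local prefixes:", overlapping(BOGONS, LOCAL))
    safe = carve(BOGONS, LOCAL)
    for line in render_routeros(safe):
        print(line)
    print("src 172.31.3.209 matched:", covers(safe, "172.31.3.209"))
    print("dst 172.30.255.33 matched:", covers(safe, "172.30.255.33"))
```

The emitted list is meant to feed a drop rule keyed on src-address-list; carving instead of deleting keeps 172.16.0.0/13, 172.24.0.0/14, 172.28.0.0/15 and 172.31.0.0/16 in the list while removing only the assumed local /16. One general RouterOS caveat when the traffic crosses a bridge (as VPLS-bridged traffic does) rather than being routed: IP firewall filter rules only see bridged frames when the bridge setting use-ip-firewall is enabled, so check that before concluding a rule is not matching.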
 
hagar83
just joined
Topic Author
Posts: 9
Joined: Thu Feb 02, 2012 9:08 pm

Re: Block Traffic from source that is not on my network

Mon Jan 16, 2023 1:52 am

Thank you so much.
I'm not a firewall guy, as you can see.
Already tried to blackhole that particular subnet and the traffic is still there.
It's only on the VPLS network; this is what makes me think! I can't see this traffic on routers outside the VPLS.
Anyway, thanks for your time and will
 
anav
Forum Guru
Posts: 19321
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Block Traffic from source that is not on my network

Mon Jan 16, 2023 2:10 am

VPLS is outside my limited knowledge sphere; perhaps sindy or sob or mkx can inspect and advise.
 
mkx
Forum Guru
Posts: 11587
Joined: Thu Mar 03, 2016 10:23 pm

Re: Block Traffic from source that is not on my network

Mon Jan 16, 2023 9:02 am

VPLS is not my pie either...
