I will aim this at a beginner then...
I use the command line interface (CLI) through SSH.
/ ip firewall filter
add chain=input connection-state=invalid action=drop
add chain=input connection-state=established action=accept
add chain=input protocol=udp action=accept
add chain=input protocol=icmp action=accept
add chain=input src-address=192.168.0.0/24 action=accept
add chain=input src-address=xxx.xxx.xxx.xxx/yy action=accept
add chain=input action=drop
Do not add the last rule until you are certain all else is ok. If any rule will lock you out of your own box, that is it. If you wish to remove rules, remove that last one first!
They must be in this order! Change xxx.xxx.xxx.xxx/yy to your local network's public IP set if this is a remote unit. That way you can access it from your office/home. Otherwise you can omit that rule.
This is the same as the "Protect your router" example in the docs with the local net permission added. You add the "Protect your customer" rules the same way. The examples are way down at the bottom of the page in the docs. http://www.mikrotik.com/testdocs/ros/2.9/ip/filter.php
If you are unfamiliar with CLI, let us know. Someone familiar with Winbox may help you translate.
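Added example, not part of the original post: a small Python model of first-match evaluation over the rule list above, usable as a pre-check that your management addresses still get in before the final drop rule goes on. It models only the three matchers the post uses; 203.0.113.0/29 is a constructed placeholder for xxx.xxx.xxx.xxx/yy, and all function names are hypothetical.

```python
import ipaddress

# The post's input chain, in order. The remote-admin network is a constructed
# placeholder (203.0.113.0/29) standing in for xxx.xxx.xxx.xxx/yy.
RULES = [
    {"connection-state": "invalid", "action": "drop"},
    {"connection-state": "established", "action": "accept"},
    {"protocol": "udp", "action": "accept"},
    {"protocol": "icmp", "action": "accept"},
    {"src-address": "192.168.0.0/24", "action": "accept"},
    {"src-address": "203.0.113.0/29", "action": "accept"},
    {"action": "drop"},
]

def matches(rule, pkt):
    """A rule matches only if every matcher it carries agrees with the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        if key == "src-address":
            if ipaddress.ip_address(pkt["src-address"]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def verdict(rules, pkt, default="accept"):
    """Return (action, 1-based rule number) of the first matching rule."""
    for n, rule in enumerate(rules, 1):
        if matches(rule, pkt):
            return rule["action"], n
    return default, None  # fell off the end of the chain: packet is accepted

def new_ssh(src):
    """A constructed packet: first packet of a TCP (SSH) connection from src."""
    return {"src-address": src, "protocol": "tcp", "connection-state": "new"}

def lockout_check(rules, admin_sources):
    """List admin sources whose new SSH connection would be dropped."""
    return [s for s in admin_sources if verdict(rules, new_ssh(s))[0] == "drop"]

if __name__ == "__main__":
    for src in ("192.168.0.10", "203.0.113.2", "198.51.100.7"):
        print(src, verdict(RULES, new_ssh(src)))
    # Drop-all moved to the top: even the LAN is locked out.
    print(lockout_check([RULES[-1]] + RULES[:-1], ["192.168.0.10"]))
```

Run lockout_check with the addresses you manage the router from; an empty list means the final drop rule will not cut off new sessions from them.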