Forward chain applies to incoming and outgoing traffic. Your rule says drop everything with source other that 192.168.0.x. Returning traffic will have, most likely, public IP as a src and 192.168.0.x for destination - and as you can see will qualify for drop action.Thank you for your inputs on this.
I've started creating more rules to protect the systems.
But looking at the 5 rules below this one:
5 chain=forward action=drop src-address=!192.168.0.0/24 dst-address=192.168.0.0/24
Seems to block all traffic for some reason when used; any idea why?
Is there no way to just to redirect any hits to that area to another area? I don't need to remove the branding, just make sure users are getting to the page they need - i.e. the hotspot page.Mikrotik offers Branding Maker to some people which enables you to replace that page with your own. Send email to support to inquire.