Hi All, i have been busy and crazy for will all this problems to solve.
I really want to thank you guys/girls for your time, that's what makes the forums valuable.
One thing i like about difficulties or problems is that they often bring to us new ways of looking to the things, and that's what happened to me.
i kept digging and found some interesting discussions:
http://lists.clug.org.za/pipermail/clug ... 28095.html
And the following words made so much sense to me:
A firewall connection-state has only 1 status:
it is either new,established,related, OR invalid.
A single packet can not be more than one of these states.
that is like summarize the discussion on the second link:
/ip firewall filter
add chain=input connection-state=established action=accept
add chain=input connection-state=related action=accept
add chain=input connection-state=invalid action=drop
add chain=input in-interface=<LAN> action=accept
add chain=input action=drop
add chain=forward connection-state=established action=accept
add chain=forward connection-state=related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=<LAN> action=accept
add chain=forward action=drop
I have applied this setup and the Internet looks like has a Ferrari engine now.
Any other view/opinion on this config?
Once Again: BIG THANK YOU TO ALL