As regras que uso são as que estão abaixo... atenção ao nome da interface e à lista de IPs (ip firewall address-list).
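# Firewall filter rules. RouterOS evaluates each chain top-down and the first
# matching terminating rule (accept/drop) decides the packet's fate, so the
# order below matters. Two site-specific names must match the device:
#   - in-interface=REDE           (the LAN-facing interface)
#   - src-address-list=RedeInterna (the LAN prefixes, /ip firewall address-list)
/ip firewall filter
# Drop P2P traffic classified as "warez" coming from the LAN.
add action=drop chain=forward comment="DROP WAREZ" disabled=no in-interface=REDE p2p=warez
# Discard packets that belong to no known connection, both to the router
# (input) and through it (forward).
add action=drop chain=input comment="DROPA PACOTES INVALIDOS" connection-state=invalid disabled=no
add action=drop chain=forward connection-state=invalid disabled=no
# Management access: TCP/8219 is accepted on input with no source restriction,
# so any host that can reach the port may attempt a Winbox login. Consider
# adding src-address-list=<TRUSTED-ADMIN-LIST> (placeholder) to limit exposure.
add action=accept chain=input comment="ACEITA ACESSO EXTERNO WINBOX" disabled=no dst-port=8219 protocol=tcp
# Outbound SMTP abuse guard: a LAN host exceeding connection-limit=20,32 toward
# 25/465 is put on the dynamic "spammer" list for 1h. add-src-to-address-list is
# a passthrough action, so the next rule is what actually drops their SMTP.
add action=add-src-to-address-list address-list=spammer address-list-timeout=1h chain=forward comment="AntiSPAM o AntiWORM" connection-limit=20,32 disabled=no dst-port=25,465 in-interface=REDE protocol=tcp
add action=drop chain=forward disabled=no dst-port=25,465 in-interface=REDE protocol=tcp src-address-list=spammer
# Hand LAN-originated traffic to the "virus" chain. The original line had a
# stray quote inside comment=, which breaks the command; the text is merged into
# a single comment string here. Packets that match none of the virus rules
# return to the forward chain and keep being evaluated below.
add action=jump chain=forward comment="*****************VIRUS ******************* jump to the virus chain" disabled=no in-interface=REDE jump-target=virus
# Well-known worm/backdoor ports dropped in the virus chain (TCP then UDP).
add action=drop chain=virus disabled=no dst-port=0,67-68,135-139,445,1024-1030,1080,1214,1364,1373,1377 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1433-1434,2049,2283,2535,3133,3410,4444,10000,12345-12346,20034,27374,65506 protocol=tcp
add action=drop chain=virus disabled=no dst-port=0,25,69,111,135-139,445,1349,2049,3133,4444,10666 protocol=udp
# Stateful fast path: packets of already established or related connections
# are accepted on both chains.
add action=accept chain=input comment="ACEITA PACOTES ESTABLISHED REDE INTERNA" connection-state=established disabled=no
add action=accept chain=forward connection-state=established disabled=no
add action=accept chain=input comment="ACEITA PACOTES RELATED REDE INTERNA" connection-state=related disabled=no
add action=accept chain=forward connection-state=related disabled=no
# New connections are accepted only when they arrive on REDE from an address in
# RedeInterna; everything else falls through to the catch-all drops that close
# each chain.
add action=accept chain=forward comment="ACEITA REDE INTERNA" disabled=no in-interface=REDE src-address-list=RedeInterna
add action=accept chain=input disabled=no in-interface=REDE src-address-list=RedeInterna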
Aqui vem o pulo do gato:
# Catch-all rules: whatever was not explicitly accepted above is dropped, on the
# forward chain and on the input chain alike. These must stay the last rules in
# their chains, since any rule added after them is never reached.
add chain=forward action=drop comment="DROPA TODO RESTANTE" disabled=no
add chain=input action=drop disabled=no