Channel: MikroTik

Beginner Basics • Re: check my settings

Okay, to be clear, a beginner does not come up with these firewall rules...
Where did you get them from?
Code:
/ip firewall filter
add action=passthrough chain=comment-test comment="-- SECTION -- test and info rules"
add action=passthrough chain=comment-established comment="-- SECTION -- established rules"
add chain=forward comment="allow established forward" connection-state=established
add chain=forward comment="allow related forward" connection-state=related
add chain=input comment="Allow established connections forward" connection-state=established
add chain=input comment="Allow related connections input" connection-state=related
add chain=output comment="Allow established connections output" connection-state=established
add chain=output comment="Allow related connections output" connection-state=related
add action=passthrough chain=comment-drop comment="-- SECTION -- drop rules"
add action=log chain=input comment="Drop invalid connections" connection-state=invalid log-prefix=drop_invalid
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid
add action=log chain=output comment="Drop invalid connections" connection-state=invalid log-prefix=drop_invalid
add action=drop chain=output comment="Drop invalid connections" connection-state=invalid
add action=log chain=forward comment="drop all BANNED IPs" log-prefix=drop_banned src-address-list=all_banned
add action=drop chain=forward comment="drop all BANNED IPs" src-address-list=all_banned
add action=log chain=input comment="Block broadcast packets" disabled=yes dst-address=255.255.255.255 log-prefix=255
add action=drop chain=input comment="Block broadcast packets" dst-address=255.255.255.255
add action=drop chain=input comment="Block broadcast packets" dst-address-type=broadcast,multicast
add action=passthrough chain=comment-VOIP comment="-- SECTION -- VOIP rules"
add action=passthrough chain=comment-DDOS comment="-- SECTION -- block ddos rules"
add action=log chain=input comment="drop ssh brute forcers for 10days" dst-port=22 log-prefix=drop-ssh-brute protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=input comment="drop ssh brute forcers for 10days" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input comment="ssh black_list" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=20m chain=input comment="ssh black_list" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=10m chain=input comment="ssh black_list" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=5m chain=input comment="ssh black_list" connection-state=new dst-port=22 protocol=tcp
add action=jump chain=forward comment=Jump_to_block-ddos disabled=yes dst-port=!53,514 jump-target=block-ddos protocol=udp
add action=jump chain=input comment=Jump_to_block-ddos disabled=yes dst-port=!53,514 jump-target=block-ddos protocol=udp
add action=return chain=block-ddos disabled=yes limit=16,32:packet
add action=log chain=block-ddos disabled=yes log-prefix=DDOS_ATTACK:
add action=drop chain=block-ddos disabled=yes limit=16,32:packet
add action=jump chain=input comment=Jump_to_block-ddos disabled=yes dst-port=!53 jump-target=block-ddos protocol=udp
add action=passthrough chain=comment-important-basic comment="-- SECTION -- important and basic rules"
add action=accept chain=input dst-port=8291,22 in-interface=!ether1 protocol=tcp
add chain=output comment="allow router DNS queries" dst-port=53 protocol=tcp
add chain=output comment="allow router DNS queries" dst-port=53 protocol=udp
add action=accept chain=input comment="allow router DNS queries" dst-port=53 in-interface=!ether1 protocol=udp
add action=accept chain=input comment="allow router DNS queries" dst-port=53 in-interface=!ether1 protocol=tcp
add action=accept chain=forward comment="allow router DNS queries" dst-port=53 in-interface=!ether1 protocol=udp
add action=accept chain=forward comment="allow router DNS queries" dst-port=53 in-interface=!ether1 protocol=tcp
add chain=output comment="allow router NTP queries" dst-port=123 protocol=udp
add action=accept chain=forward comment="allow router NTP queries" dst-port=123 in-interface=!ether1 protocol=udp
add chain=output comment="allow ping from router" protocol=icmp
add action=accept chain=forward comment="allow PING forward" in-interface=!ether1 protocol=icmp
add action=accept chain=input comment="allow PING input" in-interface=!ether1 limit=10,50:packet protocol=icmp
add action=passthrough chain=comment-VPNs comment="-- SECTION -- VPNs rules"
add action=accept chain=input comment=wireguard dst-port=13231 protocol=udp
add action=accept chain=input comment=wireguard src-address=192.168.77.0/24
add action=accept chain=forward comment=wireguard src-address=192.168.77.0/24
add action=accept chain=input comment="allow input PPTP" disabled=yes dst-port=1723 protocol=tcp src-port=1024-65535
add action=accept chain=input comment="allow input IPSEC" disabled=yes dst-port=500 protocol=udp src-port=1024-65535
add action=accept chain=input comment="allow input IPSEC" disabled=yes dst-port=4500 protocol=udp src-port=1024-65535
add action=accept chain=input comment="allow input L2TP" disabled=yes dst-port=1701 protocol=udp src-port=1024-65535
add action=accept chain=input comment="allow input PPTP" disabled=yes protocol=gre
add action=accept chain=input comment="allow input IPSEC-esp" disabled=yes protocol=ipsec-esp
add action=passthrough chain=comment-PUBLIC-DMZ comment="-- SECTION -- public DMZ, webserver etc rules"
add action=passthrough chain=comment-INET-access comment="-- SECTION -- Internet access RULES"
add action=accept chain=forward comment="allow everything from LAN" in-interface=bridge out-interface=ether1
add chain=forward comment="allowed general TCP services from LAN" disabled=yes out-interface=ether1 protocol=tcp
add chain=forward comment="allowed general UDP services from LAN" disabled=yes out-interface=ether1 protocol=udp src-address-list=!servers_RANGE_vlan
add action=passthrough chain=comment-OTHER comment="-- SECTION -- other rules"
add action=passthrough chain=comment-DROP-FINAL comment="-- SECTION -- FINAL DROPs"
add action=log chain=forward comment="Drop everything all FORWARD" log-prefix=DROP_forward
add action=drop chain=forward comment="Drop everything all FORWARD"
add action=log chain=input comment="Drop everything all INPUT" log-prefix=DROP_input
add action=drop chain=input comment="Drop everything all INPUT"
add action=log chain=output comment="Drop everything all OUTPUT" log-prefix=DROP_output
add action=drop chain=output comment="Drop everything all OUTPUT"

Statistics: Posted by Mesquite — Tue Feb 13, 2024 12:40 am
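One thing worth checking in the quoted rule set is where the SSH "ladder" sits relative to the accept rule. The four add-src-to-address-list rules (ssh_stage1 -> ssh_stage2 -> ssh_stage3 -> ssh_blacklist) match any new tcp/22 packet on the input chain with no in-interface restriction, and they are listed before the rule that accepts 8291,22 from in-interface=!ether1. The Python model below walks the input chain in that order with first-match semantics so the consequence can be seen on constructed input: a LAN host that opens four new SSH sessions inside the stage timeouts ends up in ssh_blacklist for 1w3d, while a scanner on ether1 fills the lists even though tcp/22 is never accepted from ether1 anyway. This is an added example, not RouterOS code and not part of Mesquite's post or the quoted export; the addresses 192.168.88.10 and 203.0.113.7 are constructed, and it assumes that re-adding an address already present in a list leaves the existing timeout unchanged.

```python
"""Constructed model of the staged SSH address lists in the quoted RouterOS export.
Added example, not RouterOS code: it replays the input-chain rules that matter for
a NEW tcp/22 packet, in the order they appear in the export."""
from dataclasses import dataclass, field

# address-list-timeout values from the quoted rules, in seconds
STAGE1 = 5 * 60
STAGE2 = 10 * 60
STAGE3 = 20 * 60
BLACKLIST = 10 * 24 * 3600      # 1w3d, the "10days" in the rule comment


@dataclass
class SshAttempt:
    src: str
    in_interface: str            # "ether1" is the WAN side in the quoted config
    t: float                     # seconds since the first attempt


@dataclass
class InputChain:
    lists: dict = field(default_factory=dict)   # list name -> {address: expiry}

    def _in_list(self, name, addr, now):
        exp = self.lists.get(name, {}).get(addr)
        if exp is None:
            return False
        if exp <= now:                           # dynamic entry has timed out
            del self.lists[name][addr]
            return False
        return True

    def _add(self, name, addr, now, timeout):
        # Assumption: an address already on the list keeps its existing timeout.
        self.lists.setdefault(name, {}).setdefault(addr, now + timeout)

    def verdict(self, a: SshAttempt) -> str:
        """First-match walk of the quoted input chain for a NEW tcp/22 packet."""
        now = a.t
        # "drop ssh brute forcers for 10days" (log rule omitted, it is non-terminating)
        if self._in_list("ssh_blacklist", a.src, now):
            return "drop"
        # add-src-to-address-list does not stop rule processing, so the packet
        # passes through all four ladder rules in order (stage3 -> blacklist first)
        if self._in_list("ssh_stage3", a.src, now):
            self._add("ssh_blacklist", a.src, now, BLACKLIST)
        if self._in_list("ssh_stage2", a.src, now):
            self._add("ssh_stage3", a.src, now, STAGE3)
        if self._in_list("ssh_stage1", a.src, now):
            self._add("ssh_stage2", a.src, now, STAGE2)
        self._add("ssh_stage1", a.src, now, STAGE1)
        # "accept chain=input dst-port=8291,22 in-interface=!ether1 protocol=tcp"
        if a.in_interface != "ether1":
            return "accept"
        # nothing accepts tcp/22 from ether1: falls to "Drop everything all INPUT"
        return "drop"


def run(chain, attempts):
    return [chain.verdict(a) for a in attempts]


def lan_admin_burst():
    """Constructed: a LAN host (in-interface=bridge) opens five sessions in 40 s."""
    chain = InputChain()
    attempts = [SshAttempt("192.168.88.10", "bridge", t) for t in (0, 10, 20, 30, 40)]
    return run(chain, attempts), chain.lists


def lan_admin_slow():
    """Constructed: same host, sessions six minutes apart, so ssh_stage1 expires."""
    chain = InputChain()
    attempts = [SshAttempt("192.168.88.10", "bridge", t) for t in (0, 360, 720, 1080, 1440)]
    return run(chain, attempts), chain.lists


def wan_scanner():
    """Constructed: a scanner on ether1; tcp/22 is never accepted there, the ladder fills anyway."""
    chain = InputChain()
    attempts = [SshAttempt("203.0.113.7", "ether1", t) for t in (0, 1, 2, 3, 4)]
    return run(chain, attempts), chain.lists


if __name__ == "__main__":
    for name, fn in (("LAN burst", lan_admin_burst), ("LAN slow", lan_admin_slow), ("WAN scan", wan_scanner)):
        verdicts, lists = fn()
        print(f"{name}: {verdicts}  blacklisted={sorted(lists.get('ssh_blacklist', {}))}")
```

The burst case is the one to look at: the fourth LAN connection is still accepted, but it also lands the host in ssh_blacklist, and the fifth is dropped for ten days. Adding in-interface=ether1 (or a src-address-list of untrusted networks) to the four ladder rules, or moving the LAN accept rule above them, would confine the ladder to the WAN side.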