Even though the firewall protects the router from the general public interface, you should still want to disable RouterOS expert services.The initial rule accepts packets from already proven connections, assuming They can be Protected to not overload the CPU. The 2nd rule drops any packet that relationship tracking identifies as invalid. Following