Even though the firewall safeguards the router from the general public interface, you may still desire to disable RouterOS solutions.The first rule accepts packets from currently proven connections, assuming These are safe to not overload the CPU. The second rule drops any packet that connection tracking identifies as invalid. After that, we create