Hello,
I have an RB433 running v5.20 and I have it setup as follows:

eth1 - static IP WAN Connection
eth2, eth3 and wlan1 are in a bridge and setup for hotspot - dhcp server enabled on bridge

Everything is working but, I have a lot of logs from the firewall of the following:

firewall,info input: in:ether1 out:(none), src-mac 00:02:5d:1c:64:4e, pro
to TCP (ACK,FIN), 74.125.142.188:5228->64.9.40.xxx:33250, len 52

There are several lines of this log and this happens on different ports. I just want to be sure I am reading this correctly. The TCP address 74.125.142.188:5228 is trying to gain access to the ip address 64.9.40.xxx. This 64.9.40.xxx address is the eth1 on the the RB433 and there are about 80 stations(users) behind it, could this be a virus or hacker attempt? Should I just block this ip address completely? Thanks for your thoughts on this.

You are going to get lots of various attempts, some may be hack attempts, some may be scans. Just block everything with SPI and don't worry about any specific IP addresses unless it it attempting DOS or brute force.