Generally I like to follow the principal of "don't firewall on your routers and don't route on your firewalls"
But in saying that, there is a use case whereby you want to limit ip access to the router itself.
An example would be limiting ip access to your BGP peers and your management network.

These are all INPUT rules, but once enabled, fastpath is obviously disabled.

I looked at fasttrack, but I'm worried about the performance impact of a connection tracking table size of 700k - 1M entries..

Is there a solution to restrict ip access to the mikrotik router itself while still having fastpath for routed packets?

I would set the IP SERVICES rules to restrict access to your router

Where are the IP SERVICE rules located?

ip services in console

or IP menu, then services submenu on Winbox

Hello to all!

I just want to ask regarding with my mikrotik router 1100ah.
My problem is when I search a website (example-www.yahoo.com) It takes time to appear. But when I search a www.google.com it comes out easily.
When can I see the configuration in winbox? Hoping to find solution and can find answer here.

Thanks.