So we decided to use one of the 3011s with a USB dongle as a failover connection, which is also the L2TP/IPsec client. This is an LTE connection with a poor signal, around 0.5 Mbps, which is enough for what it is intended for. However, after running Wireshark and Torch for some time, we noticed a lot of 'pings' coming from all kinds of IPs, and many from known DNS servers like OpenDNS, Google etc. So we decided to apply the following rules, which seemed to make sense at the moment, in addition to the rest of the basic port blocking etc.:
Port 445 (Virus / Worms):
/ip firewall mangle
add action=add-src-to-address-list address-list=Worm-Infected-p445 address-list-timeout=1h chain=prerouting connection-state=new disabled=no dst-port=445 limit=5,10 protocol=tcp
/ip firewall filter
add action=drop chain=forward disabled=no dst-port=445 protocol=tcp src-address-list=Worm-Infected-p445
P2P / torrent blocking:
/ip firewall layer7-protocol
add comment="P2P WWW web base cnoetent Matching / Zaib" name=p2p_www regexp=\
"^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
add comment="P2P DNS Matching / Zaib" name=p2p_dns regexp=\
"^.+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|fenopy|gpirate|commonbits).*\$"
/ip firewall mangle
add action=mark-packet chain=postrouting comment="p2p download" disabled=no layer7-protocol=p2p_www new-packet-mark="p2p download" passthrough=no
add action=mark-packet chain=postrouting disabled=no layer7-protocol=p2p_dns new-packet-mark="p2p download" passthrough=no
/ip firewall filter
add action=drop chain=forward comment="Block P2p_www Packets / Zaib" disabled=no layer7-protocol=p2p_www
add action=drop chain=forward comment="Block P2p_dns Packets / Zaib" disabled=no layer7-protocol=p2p_dns
add action=drop chain=forward comment="Block General P2P Connections , default mikrotik p2p colelction / zaib" disabled=no p2p=all-p2p
At first it seemed to work well, blocking hundreds of P2P and port 445 signatures. However, over the span of a few days, I started noticing a decline in bandwidth on the primary ISP, going from 40 Mbps to 10 Mbps, and on LTE from 0.5 Mbps down to the point where I can load some HTTP/HTTPS sites but can't run the speed test. Furthermore, it started putting DNS servers like OpenDNS, Google etc. on the block list.
Questions:
1. Why would OpenDNS, Google etc. try to ping my IP without any inquiry from my side?
2. Why does the firewall take it as malicious, and can they be malicious? I've heard about mirror DDoS attacks etc., but I'd think that someone like Google would have a handle on it and filter it accordingly.
3. There is only a packet limit on port 445 (limit=5,10)... However, it seems to filter traffic in that form globally... Is that possible? And how can it be changed to apply only to traffic to port 445, so it won't affect bandwidth?
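An added example, not part of the post above and not RouterOS code: a short Python script that runs the two layer7 regexps from the posted rules over constructed payloads, to show what those patterns actually match. It assumes the matcher compares case-insensitively against the start of a connection as one string, and uses a 2048-byte window as a stand-in for the portion of a connection that gets inspected; the sample payloads are constructed, not captured traffic.

```python
import re

# The layer7 regexps from the rules above, copied as they appear in the
# post. RouterOS escapes the trailing "$" as "\$" in its export; the regex
# itself ends in a plain "$".
SITE_WORDS = (
    "torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|"
    "flixflux|vertor|h33t|zoozle|bitnova|bitsoup|meganova|fulldls|btbot|"
    "fenopy|gpirate|commonbits"
)
# Assumption: matching is case-insensitive and "." spans line breaks, so
# the whole inspected window is treated as one string.
FLAGS = re.IGNORECASE | re.DOTALL
L7_RULES = {
    "p2p_www": re.compile(rf"^.*(get|GET).+({SITE_WORDS}).*$", FLAGS),
    "p2p_dns": re.compile(rf"^.+({SITE_WORDS}).*$", FLAGS),
}

# Assumption: the matcher only ever sees the start of a connection; 2048
# bytes is used here as a stand-in for that window.
L7_WINDOW = 2048


def l7_matches(payload: bytes) -> list[str]:
    """Return the names of the layer7 patterns that fire on this payload."""
    window = payload[:L7_WINDOW].decode("latin-1")  # bytes -> str, one char per byte
    return [name for name, rx in L7_RULES.items() if rx.search(window)]


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    # what the rules are meant to catch: a request for a .torrent file
    "torrent file download": (
        b"GET /files/ubuntu.iso.torrent HTTP/1.1\r\nHost: tracker.example\r\n\r\n"
    ),
    # an ordinary page whose URL happens to contain "vertor" inside "convertor"
    "currency convertor page": (
        b"GET /tools/currency-convertor HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    ),
    # a DNS query in wire format for a name that contains "torrent"
    "dns lookup": (
        b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
        b"\x08torrents\x07example\x03com\x00\x00\x01\x00\x01"
    ),
    # an ordinary request with none of the keywords anywhere
    "plain page": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    # keyword only appears after the inspected window
    "keyword past window": (
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
        + b"x" * 2100
        + b"torrent"
    ),
}


def classify_samples() -> dict[str, list[str]]:
    """Run every constructed sample through both patterns."""
    return {label: l7_matches(payload) for label, payload in SAMPLES.items()}


if __name__ == "__main__":
    for label, hits in classify_samples().items():
        print(f"{label:24s} -> {hits or 'no match'}")
```

Because the alternatives are bare substrings with no word boundaries, an unrelated URL containing "convertor" fires on "vertor", and a DNS lookup for any name containing "torrent" fires on p2p_dns, so whatever these rules mark or drop will include ordinary traffic alongside the P2P traffic they were written for. The last sample shows the other side of the same behaviour: a keyword that only appears past the inspected window is never seen at all.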