Here is a list of useful and handy RouterOS commands. For sanity sake, since RouterOS has a terminal, I will reference that rather than try to deal with pictures and vague (unitentionally) references. For those that refuse to use the terminal, the command is generally straightforward regarding what field needs what information. If there is something you wish to have added, contact me and I will add it, if possible. Some things I just do not have the capability to easily try out or can even implement.
The following rules are copied from working configs, but sanitized. The field is denoted where CIDR notation is required.
FIREWALL RELATED RULES
LIST ALL RULES ACTIVE
/ip firewall export
DROP A SUBNET
/ip firewall filter add action=drop chain=forward comment="Subnet Drop" log=yes log-prefix="[Subnet Drop]" src-address=SUNBNET-CIDR
DROP A PORT
/ip firewall filter add chain=forward action=drop protocol=tcp dst-port=PORT
DROP ALL BUT A PORT
/ip firewall filter add chain=forward action=drop protocol=tcp dst-port=!PORT
/ip firewall filter add action=dst-nat chain=dstnat comment="Cockpit" dst-address=WAN-IP dst-port=9090 protocol=tcp to-addresses=LAN-IP to-ports=9090
/ip firewall filter add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=SERVER out-interface=bridge protocol=tcp src-address=SUBNET-CIDR
First we create a L7 rule, then a filter rule to match on the L7 rule. Inside the L7 regex rule separate each site with a bar -- this rule is for blocking facebook.com and myspace.com
/ip firewall layer7-protocol add name="Block Badsites" regexp="^.+(facebook.com|myspace.com).*\$" /ip firewall filter add action=drop chain=forward comment="Block Badsites" layer7-protocol="Block Badsites"