The top practice is to make a new consumer with a powerful password and disable or clear away the default admin consumer.  increase chain=input in-interface=ether1 motion=acknowledge protocol=tcp port=8291 remark="allow Winbox"; increase chain=input in-interface=ether1 action=acknowledge protocol=tcp port=22 remark="let SSH"; insert chain=input i