Referencing dynamic public IP address

For some firewall rules you're required to provide the public IP address. With a dynamic IP you would have to update the firewall rule every time the IP changes, which can be rather annoying and with many rules also time consuming.

Instead it's best to just add a new address list which then can be referenced and if the IP changes there's only one place you need to update.

/ip firewall address-list add address <IP>

The command line will then prompt you for a name, pick something descriptive like for example PUBLIC.

Hairpin NAT / NAT loopback

/ip firewall nat

add chain=srcnat src-address= dst-address= protocol=tcp out-interface=bridge1 action=masquerade

add chain=dstnat dst-address-list=PUBLIC protocol=tcp dst-port=80880 action=dst-nat to-address=