Qnewbie

Yes, you can do it.

Check my old post: http://www.telecom-cafe.com/forum/viewthread.php?tid=4330

Basically, you set up your white-list, forward your input to your extra control chain, in that control chain you can simply drop other unwanted connections.

Qnewbie

Congs!

It is similar to block other intruders with this method, say, your ovpn port is 1194, you can do the same:

/ip firewall filter
add action=accept chain=input comment="OVPN" disabled=no protocol=tcp \
dst-port=1194 src-address=xxx.xxx.xxx.xxxx /24
add action=accept chain=input comment="OVPN" disabled=no protocol=udp \
dst-port=1194 src-address=xxx.xxx.xxx.xxxx /24
add action=drop chain=input disabled=no  protocol=tcp dst-port=1194
add action=drop chain=input disabled=no  protocol=udp dst-port=1194