Is it possible to use a custom firewall chain in both input and forward chains simultaneously?

Using a custom firewall chain in both the input and forward chains simultaneously is not feasible due to how MikroTik's firewall rules and chains are structured. The input chain is specifically designed to handle packets that are intended for the local router itself, such as those aimed at services running on the router. In contrast, the forward chain manages packets that are merely passing through the router, not destined for it.

MikroTik's firewall architecture allows for the creation of custom chains, but these chains can be added within the context of the existing chains (input, forward, output) or called as targets from rules in those chains, rather than applied across different chains simultaneously. Therefore, while you can create a custom chain and refer to it from both the input and forward chains, it does not function as if it exists in both contexts at the same time. Each chain has a distinct operational role, and packets must be processed according to the rules defined specifically within those chains. This separation is crucial for maintaining organized and effective firewall management, allowing for different security policies to be applied based on the intended traffic flow direction.