diff --git a/mikrotik/base-config/README.md b/mikrotik/base-config/README.md
index 71bb4fd..201e6d2 100644
--- a/mikrotik/base-config/README.md
+++ b/mikrotik/base-config/README.md
@@ -86,7 +86,7 @@ Please always check these options for base config new device:
`/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable`
`/ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""`
`/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset`
-`/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with tcp-reset" connection-state=new protocol=udp reject-with=icmp-port-unreachable`
+`/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable`
`/ip firewall filter add action=drop chain=forward comment="deny FORWARD all" connection-state=""`
6. For config bridge:
diff --git a/mikrotik/base-config/dc01-emer01-terse.rsc b/mikrotik/base-config/dc01-emer01-terse.rsc
index 557b96f..202b94a 100644
--- a/mikrotik/base-config/dc01-emer01-terse.rsc
+++ b/mikrotik/base-config/dc01-emer01-terse.rsc
@@ -62,7 +62,7 @@
/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
/ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""
/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset
-/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with tcp-reset" connection-state=new protocol=udp reject-with=icmp-port-unreachable
+/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
/ip firewall filter add action=drop chain=forward comment="deny FORWARD all" connection-state=""
/ip hotspot profile set [ find default=yes ] html-directory=hotspot
/ip route add disabled=no dst-address=0.0.0.0/0 gateway=11.11.11.121 routing-table=main suppress-hw-offload=no
diff --git a/mikrotik/base-config/dc01-gw01-terse.rsc b/mikrotik/base-config/dc01-gw01-terse.rsc
index e63f595..45884b1 100644
--- a/mikrotik/base-config/dc01-gw01-terse.rsc
+++ b/mikrotik/base-config/dc01-gw01-terse.rsc
@@ -133,7 +133,7 @@
/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
/ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""
/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset
-/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with tcp-reset" connection-state=new protocol=udp reject-with=icmp-port-unreachable
+/ip firewall filter add action=reject chain=forward comment="deny FORWARD any -->> any UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
/ip firewall filter add action=drop chain=forward comment="deny FORWARD all" connection-state=""
/ip firewall nat add action=src-nat chain=srcnat comment="EXAMPLE !!! SNAT from inside all networks (outside IP = 11.11.11.122)" dst-address-list=!all-networks out-interface=ether1-outside src-address-list=all-networks to-addresses=11.11.11.122
/ip firewall nat add action=src-nat chain=srcnat comment="EXAMPLE !!! SNAT from inside mail systems for SPF rec TCP 25,465 (outside IP = 22.22.22.125) " disabled=yes dst-port=25,465 out-interface=ether1-outside protocol=tcp src-address=10.91.3.11 to-addresses=22.22.22.123