[44net] Mikrotik firewall rules for 44net?

I've recently installed Marius YO2LOJ's RIPv2 AMPR Gateway Setup Script 2.2 on a Mikrotik RB450G. RouterOS is version 6.37.3, I have 44.131.56.241 configured on the ucsd-gw interface and 44.131.56.9/29 on ether5 for my LAN. It seems to work well and I can access 44net hosts from a 44net machine on the LAN. I'm filtering traffic on the WAN interface of the router to only permit ipip traffic, however I still see traffic from outside 44/8 - mainly tcp syn packets to port 23 appearing on the LAN. These must be coming down via a tunnel and I'd like to filter them out. I've implemented an output rule to permit traffic from 44/8 to 44/8 and drop everything else, applied this to ether5. Is there a better way to implement this? I would like to filter on the WAN side but that would mean a firewall input rule on every tunnel. Thanks, -- Nick G4IRX