Computer networks
BelongToDiE, 2019-02-21 17:55:06

How to block traffic from the internal network?

Hello.
There is a Mikrotik RB951G-2HnD running RouterOS v6. For many months everything has been working properly and without failures.
And then suddenly a letter from the provider arrives with the following content: "The equipment you have installed passes your local traffic to the public network. You need to block extraneous traffic from your internal network." Attached to the letter is a tcpdump which shows addresses from the 192.168.1.0/24 subnet going out from various ports to external addresses on ports 80 and 443 (web traffic).
The Mikrotik uses bridge-local; here is part of the firewall rules:

chain=input action=accept connection-state=established,related log=no log-prefix="" 
chain=input action=drop in-interface=IPS log-prefix="" 
chain=forward action=accept connection-state=established,related log=no log-prefix="" 
chain=forward action=accept in-interface=bridge-local out-interface=IPS log-prefix="" 
chain=forward action=accept in-interface=IPS out-interface=bridge-local log-prefix=""

I tried to prevent the local subnet from accessing the provider's interface, but this did not help:
chain=output action=drop dst-address=192.168.1.0/24 out-interface=IPS log=no log-prefix=""

In Wireshark you can see that local client packets go to bridge-local.
I can't quite figure out how to solve this problem. Can you tell me which direction to dig in?


5 answer(s)
Vladimir, 2019-02-21
@MechanID

Check nat (masquerading)
Check that the wan port is not in the bridge with lan ports

Denis, 2019-02-21
@notwrite

Turn on masquerade.

Dmitry, 2019-02-21
@hempy80

Umm, is the Internet working for your users?

sanglyb, 2019-02-28
@sanglyb

Check that the provider's port and the LAN ports are not combined in the same bridge. In ip firewall nat, check that there is a masquerading rule.
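A RouterOS session that carries out the two checks Vladimir and sanglyb describe, as an added example that is not from any of the posters. The interface names IPS (WAN) and bridge-local (LAN) come from the question; ether1 as the physical uplink port is an assumption.

```routeros
# 1. Make sure the provider-facing port is not a member of the LAN bridge.
#    If it shows up here, frames from 192.168.1.0/24 are switched straight
#    onto the uplink without ever being routed or NATed by the firewall.
/interface bridge port print
# Assumption: the uplink is ether1. Remove it from the bridge if it is listed.
/interface bridge port remove [find interface=ether1]

# 2. Make sure there is a source-NAT rule for traffic leaving towards the provider.
/ip firewall nat print where chain=srcnat
# If nothing is listed, add masquerading on the WAN interface. Without it the
# forward rule that accepts bridge-local -> IPS routes packets out with their
# private 192.168.1.x source address intact, which is exactly what the
# provider's tcpdump shows.
/ip firewall nat add chain=srcnat out-interface=IPS action=masquerade \
    comment="hide LAN behind the WAN address"

# Why the original attempt did not help: chain=output only sees packets the
# router itself generates, and dst-address=192.168.1.0/24 matches the wrong
# end of the leaked flows. LAN -> WAN packets traverse the forward chain, and
# filtering there happens before srcnat, so a drop on src-address would cut
# off all LAN internet access. What can safely be dropped is traffic that
# tries to leave the WAN towards a private destination, with logging so the
# next provider complaint comes with your own evidence.
/ip firewall filter add chain=forward out-interface=IPS dst-address=192.168.0.0/16 \
    action=drop log=yes log-prefix="rfc1918-leak"
```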

Ruslan, 2020-05-03
@msHack

Block traffic on the external port; this will block incoming traffic on the WAN port:
chain input
protocol TCP
any port 443
in interface pppoe
action=drop
