How to give access to a port from certain IPs?
Good afternoon, I need help.
So, there is a filezilla dump on 192.168.x.x.
There is a Mikrotik RB2011UiAS-2HnD-IN on RouterOS 6.40.7.
Port forwarding was made from the Mikrotik to the filezilla server, forwarding port 21 and the range 50000-50100.
There is access to ftp from outside and locally; here, in fact, is the question itself: how do I make access from outside possible only from certain IP addresses?
When I add the external IP addresses to an address list and add that list in the firewall rule under Advanced\Dst. Address List, access to ftp disappears for everyone. I also noticed that if I add the external IP of the Mikrotik to this list, access appears again, but for everyone and not only for the IPs in the list.
There is little information on this topic (maybe I'm not searching for it the right way), but the actual question is how to allow access from outside only for certain IPs?
ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface=ether1
1 ;;; FTP
chain=dstnat action=dst-nat to-addresses=192.168.0.6 to-ports=21 protocol=tcp in-interface=ether1 dst-port=21 log=no log-prefix=""
2 chain=dstnat
ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept protocol=icmp
1 chain=input action=accept connection-state=established in-interface=ether1
2 chain=forward action=accept protocol=tcp dst-address-list=FTP in-interface=ether1 dst-port=21 log=no log-prefix=""
3 chain=forward action=accept protocol=tcp dst-address-list=FTP in-interface=ether1 dst-port=50000-50100 log=no log-prefix=""
4 chain=forward action=jump jump-target=customer in-interface=ether1
5 chain=customer action=accept connection-state=established
6 chain=customer action=accept connection-state=related
7 chain=input action=drop in-interface=ether1
8 chain=customer action=drop
When I specify the external IP address of the Mikrotik in the address list, access appears, but again for everyone.
You have dst-address-list=FTP everywhere, although you need to restrict access from certain IPs, so it should be src-address-list=, as beerchaser correctly noted.
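As an added example (not code from the question or the answer), here is how the src-address-list approach the answer recommends could be applied to this rule set; the client addresses in the list are constructed placeholders and the list name ftp-clients is my own choice.

```routeros
# Added example: permit the forwarded FTP ports only from an explicit
# source list and log everything else. The client addresses below are
# constructed placeholders; "ftp-clients" is an assumed list name.

# 1. Put the permitted public client addresses in an address list.
/ip firewall address-list
add list=ftp-clients address=203.0.113.10 comment="allowed FTP client (placeholder)"
add list=ftp-clients address=198.51.100.0/24 comment="allowed FTP range (placeholder)"

# 2. dst-nat runs in prerouting, so by the time a packet reaches the
#    forward chain its destination is already 192.168.0.6, not the
#    router's public address. Match the internal destination and the
#    SOURCE list, and keep the rule above the jump to "customer"
#    (rule 4 in the print above), whose last rule drops everything.
/ip firewall filter
add chain=forward action=accept protocol=tcp in-interface=ether1 \
    dst-address=192.168.0.6 dst-port=21,50000-50100 \
    src-address-list=ftp-clients \
    comment="FTP control + passive range from allowed clients only" \
    place-before=[find chain=forward action=jump jump-target=customer]

# 3. Drop and log forwarded FTP attempts from any other source, so
#    unexpected connection attempts show up in /log with this prefix.
add chain=forward action=drop protocol=tcp in-interface=ether1 \
    dst-address=192.168.0.6 dst-port=21,50000-50100 \
    log=yes log-prefix="ftp-denied" \
    comment="log and drop FTP from everyone else" \
    place-before=[find chain=forward action=jump jump-target=customer]

# 4. The original rules 2 and 3 match dst-address-list=FTP, which never
#    matches after dst-nat; disable them once the rules above are in place.
disable [find chain=forward dst-address-list=FTP]
```

Test from an address that is not in the list before and after the change: the "ftp-denied" entries in /log confirm the drop rule is the one matching.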