rockdrilla

mikrotik config (again)

Oct 9th, 2017
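  # RouterOS gateway configuration: PPPoE uplink on ether1, one LAN bridge
  # (ether2-ether5 + wlan1) on 192.168.0.0/24 with DHCP, DNS cache and NTP,
  # masquerade NAT, and input/forward chains that end in an unconditional drop.
  #
  # PPPOE_USER, PPPOE_PASS and the MGMT address below are placeholders; fill
  # them in locally and keep the filled-in file out of public pastes.

  /system identity
  set name=ALSiTEK

  # Single LAN bridge; protocol-mode=none turns spanning tree off on it.
  /interface bridge
  add name=bridge1 protocol-mode=none

  # NOTE(review): wlan1 is bridged into the LAN but this script sets no wireless
  # security profile - confirm the radio is not left open.
  /interface bridge port
  add bridge=bridge1 interface=ether2
  add bridge=bridge1 interface=ether3
  add bridge=bridge1 interface=ether4
  add bridge=bridge1 interface=ether5
  add bridge=bridge1 interface=wlan1

  # PPP profile for the uplink: MSS adjustment on, compression and link
  # encryption off, so confidentiality has to come from upper layers.
  /ppp profile
  add name=profile-pppoe change-tcp-mss=yes only-one=no use-compression=no use-encryption=no

  # allow=chap restricts authentication to CHAP, so the password is never
  # offered in clear text via PAP.
  /interface pppoe-client
  add name=pppoe-out1 user=PPPOE_USER password=PPPOE_PASS interface=ether1 allow=chap profile=profile-pppoe add-default-route=yes use-peer-dns=yes disabled=no

  # Send bridged traffic (including PPPoE and VLAN frames) through the IP
  # firewall, so the forward chain below also sees LAN-to-LAN traffic.
  /interface bridge settings
  set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes

  /ip firewall connection tracking
  set enabled=yes

  # Strict reverse-path filtering: drop packets whose source address is not
  # routable back through the interface they arrived on.
  /ip settings
  set rp-filter=strict

  # Interface lists used by every firewall rule below instead of interface names.
  /interface list
  add name=lan
  add name=wan

  /interface list member
  add list=lan interface=bridge1
  add list=wan interface=ether1
  add list=wan interface=pppoe-out1

  /ip address
  add interface=bridge1 address=192.168.0.1/24

  /ip pool
  add name=pool1 ranges=192.168.0.20-192.168.0.254

  /ip dhcp-server
  add name=server1 interface=bridge1 lease-time=1d add-arp=yes address-pool=pool1 always-broadcast=yes bootp-support=dynamic disabled=no

  # Clients are pointed at the router itself for DNS, gateway and NTP.
  /ip dhcp-server network
  add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1 ntp-server=192.168.0.1

  # The router answers DNS queries from the network. WAN-side queries are
  # dropped in the raw table and by the input default drop further down; both
  # must stay in place or the router becomes an open resolver.
  /ip dns
  set allow-remote-requests=yes

  /ip firewall address-list
  # Upstream resolvers whose port-53 traffic is exempted from connection tracking.
  add address=8.8.8.8 list=DNS
  add address=8.8.4.4 list=DNS
  # Hosts allowed to reach WinBox from outside the LAN. 192.0.2.1 is a
  # placeholder from the documentation range - replace it with the real
  # management address(es), or delete this entry and the WinBox rule below to
  # keep management LAN-only.
  add address=192.0.2.1 list=MGMT

  # Rules with chain=- are disabled log entries used only as visual separators.
  /ip firewall filter
  add chain=- action=log disabled=yes
  # Shared accept target: fasttrack the connection, then accept the packet.
  add chain=accept-FT action=fasttrack-connection
  add chain=accept-FT action=accept
  add chain=- action=log disabled=yes
  # --- input: traffic addressed to the router itself ---
  # Everything from the LAN is trusted.
  add chain=input action=jump jump-target=accept-FT in-interface-list=lan
  # Replies from the listed resolvers are untracked (see the raw table), so they
  # cannot match connection-state and need an explicit accept. Source address
  # and source port are both sender-controlled on UDP, so this is a weaker
  # check than connection state.
  add chain=input action=jump jump-target=accept-FT protocol=tcp src-port=53 src-address-list=DNS
  add chain=input action=jump jump-target=accept-FT protocol=udp src-port=53 src-address-list=DNS
  # The original accepted tcp/udp 123 -> 123 from any interface, which exposed
  # the NTP server enabled below to the WAN. Those rules are dropped: replies to
  # the router's own NTP client are tracked and match established,related, and
  # LAN clients are already accepted by the first input rule.
  # WinBox from outside the LAN, limited to the MGMT list (the original accepted
  # it from any source address).
  add chain=input action=jump jump-target=accept-FT protocol=tcp dst-port=8291 src-address-list=MGMT
  add chain=input action=jump jump-target=accept-FT connection-state=established,related
  add chain=input action=drop
  add chain=- action=log disabled=yes
  # --- forward: traffic routed through the router ---
  add chain=forward action=jump jump-target=accept-FT in-interface-list=lan out-interface-list=wan
  add chain=forward action=jump jump-target=accept-FT in-interface-list=lan out-interface-list=lan
  # Inbound WAN traffic is forwarded only when a dst-nat mapping matched it. No
  # static dst-nat rule exists in this script; UPnP (configured below) is the
  # only visible source of such mappings.
  add chain=forward action=jump jump-target=accept-FT in-interface-list=wan connection-nat-state=dstnat
  add chain=forward action=jump jump-target=accept-FT connection-state=established,related
  add chain=forward action=drop
  add chain=- action=log disabled=yes
  # --- output: everything the router originates is allowed ---
  add chain=output action=jump jump-target=accept-FT

  # Clamp TCP MSS to the path MTU on SYN packets leaving via the WAN list.
  /ip firewall mangle
  add chain=forward     action=change-mss new-mss=clamp-to-pmtu out-interface-list=wan passthrough=yes protocol=tcp tcp-flags=syn
  add chain=postrouting action=change-mss new-mss=clamp-to-pmtu out-interface-list=wan passthrough=yes protocol=tcp tcp-flags=syn

  /ip firewall nat
  add chain=srcnat action=masquerade out-interface-list=wan

  # Raw table: DNS to/from the router bypasses connection tracking, and DNS
  # queries arriving on the WAN are dropped before any further processing.
  /ip firewall raw
  add chain=- action=log disabled=yes
  # Shared target: mark the packet untracked, then accept it.
  add chain=accept-NOCT action=notrack
  add chain=accept-NOCT action=accept
  add chain=- action=log disabled=yes
  # Queries from LAN clients to the router's resolver.
  add chain=prerouting action=jump jump-target=accept-NOCT dst-address-type=local in-interface-list=lan protocol=tcp dst-port=53
  add chain=prerouting action=jump jump-target=accept-NOCT dst-address-type=local in-interface-list=lan protocol=udp dst-port=53
  # Replies from the listed upstream resolvers.
  add chain=prerouting action=jump jump-target=accept-NOCT dst-address-type=local src-address-list=DNS protocol=tcp src-port=53
  add chain=prerouting action=jump jump-target=accept-NOCT dst-address-type=local src-address-list=DNS protocol=udp src-port=53
  # Open-resolver guard: drop DNS queries that arrive on the WAN side.
  add chain=prerouting action=drop dst-address-type=local in-interface-list=wan protocol=tcp dst-port=53
  add chain=prerouting action=drop dst-address-type=local in-interface-list=wan protocol=udp dst-port=53
  add chain=- action=log disabled=yes
  # The router's own queries to the listed resolvers.
  add chain=output action=jump jump-target=accept-NOCT dst-address-list=DNS protocol=tcp dst-port=53
  add chain=output action=jump jump-target=accept-NOCT dst-address-list=DNS protocol=udp dst-port=53

  # Disable IPsec policy entry 0 (presumably the default template - confirm).
  /ip ipsec policy
  set 0 disabled=yes

  # Turn off every listed management service; WinBox is not disabled here and
  # is the one the input chain admits.
  # NOTE(review): www-ssl and /tool mac-server are not touched by this script -
  # confirm neither is reachable from the wan side.
  /ip service
  set telnet disabled=yes
  set ftp disabled=yes
  set www disabled=yes
  set ssh disabled=yes
  set api disabled=yes
  set api-ssl disabled=yes

  # Fixed UTC+03:00 offset instead of time-zone autodetection.
  /system clock
  set time-zone-autodetect=no

  /system clock manual
  set time-zone=+03:00

  /system ntp client
  set enabled=yes primary-ntp=0.pool.ntp.org secondary-ntp=1.pool.ntp.org

  # NTP server for the LAN, also broadcasting to the subnet broadcast address.
  /system ntp server
  set broadcast=yes broadcast-addresses=192.168.0.255 enabled=yes

  # UPnP interface roles. When UPnP is enabled, LAN hosts can request inbound
  # port mappings on pppoe-out1, which the forward-chain dstnat rule then admits.
  # NOTE(review): the enable switch for UPnP is not set in this script - confirm
  # whether it is meant to be on.
  /ip upnp interfaces
  add interface=bridge1 type=internal
  add interface=pppoe-out1 type=external

  /ip ipsec proposal
  set [ find default=yes ] disabled=yes

  # Do not run neighbor discovery on the uplink, the PPPoE tunnel or the radio.
  /ip neighbor discovery
  set ether1 discover=no
  set wlan1 discover=no
  set pppoe-out1 discover=no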