/ip firewall filter add action=accept chain=input comment="defconf: accept estab

1. /ip firewall filter add action=accept chain=input comment="defconf: accept established,related" connection-state=established,related
2. /ip firewall filter add action=drop chain=input comment="defconf: drop all from WAN" in-interface=pppoe-client
3. /ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
4. /ip firewall filter add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
5. /ip firewall filter add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
6. /ip firewall filter add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
7. /ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
8. /ip firewall filter add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
9. /ip firewall filter add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
10. /ip firewall filter add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
11. /ip firewall filter add action=accept chain=forward comment="defconf: accept HIP" protocol=139
12. /ip firewall filter add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
13. /ip firewall nat add action=masquerade chain=srcnat out-interface=pppoe-client
14.