# feb/19/2017 15:28:51 by RouterOS 6.38.1
# software id = MCLX-A2LI
#
/interface bridge
add name=br1-lan
add name=br1-wan
/interface ethernet
set [ find default-name=ether1 ] name=eth1-wan
set [ find default-name=ether2 ] name=eth2-lan
set [ find default-name=ether5 ] name=eth5-lan
/interface pppoe-client
add add-default-route=yes disabled=no interface=br1-wan name=tap1-wan \
password=*** use-peer-dns=yes user=***
/interface ethernet
set [ find default-name=ether3 ] master-port=eth5-lan name=eth3-lan
set [ find default-name=ether4 ] master-port=eth5-lan name=eth4-lan
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=wpa2-protect \
supplicant-identity="" wpa-pre-shared-key=*** \
wpa2-pre-shared-key=***
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
antenna-gain=2 band=2ghz-onlyn country=russia disabled=no frequency=2432 \
frequency-mode=regulatory-domain hw-protection-mode=cts-to-self mode=\
ap-bridge scan-list=2422-2427,2447-2457 security-profile=wpa2-protect \
ssid=@Whippi tx-power=15 tx-power-mode=all-rates-fixed wireless-protocol=\
802.11 wmm-support=enabled wps-mode=disabled
/interface wireless nstreme
set wlan1 enable-polling=no
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=br1-lan lease-time=1w8h name=\
dhcp-pc
/interface bridge filter
add action=drop chain=output out-interface=eth2-lan packet-type=multicast
add action=drop chain=output out-interface=eth3-lan packet-type=multicast
add action=drop chain=output out-interface=eth4-lan packet-type=multicast
/interface bridge port
add bridge=br1-lan interface=eth5-lan
add bridge=br1-lan interface=wlan1
add bridge=br1-wan interface=eth1-wan
add bridge=br1-wan interface=eth2-lan
/ip address
add address=192.168.1.1/24 interface=br1-lan network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
netmask=24 ntp-server=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established in-interface=\
tap1-wan
add action=accept chain=input connection-state=related in-interface=tap1-wan
add action=drop chain=input in-interface=tap1-wan
add action=jump chain=forward in-interface=tap1-wan jump-target=customer
add action=accept chain=customer connection-state=established
add action=accept chain=customer connection-state=related
add action=drop chain=customer
add action=drop chain=input dst-port=53 in-interface=tap1-wan log=yes \
log-prefix=query_in_drop protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=tap1-wan
/ip route
add disabled=yes distance=1 gateway=br1-lan
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=eth1-wan type=external
add interface=br1-lan type=internal
/routing igmp-proxy
set quick-leave=yes
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=88.147.254.232 secondary-ntp=88.147.254.235
/system ntp server
set enabled=yes
/system routerboard settings
set init-delay=0s
# software id = MCLX-A2LI
#
/interface bridge
add name=br1-lan
add name=br1-wan
/interface ethernet
set [ find default-name=ether1 ] name=eth1-wan
set [ find default-name=ether2 ] name=eth2-lan
set [ find default-name=ether5 ] name=eth5-lan
/interface pppoe-client
add add-default-route=yes disabled=no interface=br1-wan name=tap1-wan \
password=*** use-peer-dns=yes user=***
/interface ethernet
set [ find default-name=ether3 ] master-port=eth5-lan name=eth3-lan
set [ find default-name=ether4 ] master-port=eth5-lan name=eth4-lan
/interface wireless security-profiles
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=wpa2-protect \
supplicant-identity="" wpa-pre-shared-key=*** \
wpa2-pre-shared-key=***
/interface wireless
set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
antenna-gain=2 band=2ghz-onlyn country=russia disabled=no frequency=2432 \
frequency-mode=regulatory-domain hw-protection-mode=cts-to-self mode=\
ap-bridge scan-list=2422-2427,2447-2457 security-profile=wpa2-protect \
ssid=@Whippi tx-power=15 tx-power-mode=all-rates-fixed wireless-protocol=\
802.11 wmm-support=enabled wps-mode=disabled
/interface wireless nstreme
set wlan1 enable-polling=no
/ip pool
add name=dhcp ranges=192.168.1.10-192.168.1.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=br1-lan lease-time=1w8h name=\
dhcp-pc
/interface bridge filter
add action=drop chain=output out-interface=eth2-lan packet-type=multicast
add action=drop chain=output out-interface=eth3-lan packet-type=multicast
add action=drop chain=output out-interface=eth4-lan packet-type=multicast
/interface bridge port
add bridge=br1-lan interface=eth5-lan
add bridge=br1-lan interface=wlan1
add bridge=br1-wan interface=eth1-wan
add bridge=br1-wan interface=eth2-lan
/ip address
add address=192.168.1.1/24 interface=br1-lan network=192.168.1.0
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 \
netmask=24 ntp-server=192.168.1.1
/ip dns
set allow-remote-requests=yes servers=192.168.1.1
/ip firewall filter
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established in-interface=\
tap1-wan
add action=accept chain=input connection-state=related in-interface=tap1-wan
add action=drop chain=input in-interface=tap1-wan
add action=jump chain=forward in-interface=tap1-wan jump-target=customer
add action=accept chain=customer connection-state=established
add action=accept chain=customer connection-state=related
add action=drop chain=customer
add action=drop chain=input dst-port=53 in-interface=tap1-wan log=yes \
log-prefix=query_in_drop protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=tap1-wan
/ip route
add disabled=yes distance=1 gateway=br1-lan
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www address=192.168.1.0/24
set ssh disabled=yes
set api disabled=yes
set winbox address=192.168.1.0/24
set api-ssl disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=eth1-wan type=external
add interface=br1-lan type=internal
/routing igmp-proxy
set quick-leave=yes
/system clock
set time-zone-name=Europe/Moscow
/system ntp client
set enabled=yes primary-ntp=88.147.254.232 secondary-ntp=88.147.254.235
/system ntp server
set enabled=yes
/system routerboard settings
set init-delay=0s