/interface bridge
add admin-mac=MA:CA:DD:RE:SS:XX auto-mac=no comment="\CC\EE\F1\F2 \E4\EB\FF \
\EB\EE\EA\E0\EB\FC\ED\FB\F5 \F3\F1\F2\F0\EE\E9\F1\F2\E2" name=\
bridge_local
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=pppoe-szt \
use-peer-dns=yes user=*******
add disabled=no interface=ether2 name=pppoe-ttk use-peer-dns=yes user=\
*******
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp-local ranges=192.168.88.100-192.168.88.120
/ip dhcp-server
add address-pool=dhcp-local disabled=no interface=bridge_local name=\
dhcp_local
/interface bridge port
add bridge=bridge_local comment=defconf interface=ether3
add bridge=bridge_local comment=defconf interface=ether4
add bridge=bridge_local comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge_local list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=pppoe-szt list=WAN
add interface=ether2 list=WAN
add interface=pppoe-ttk list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge_local network=\
192.168.88.0
/ip dhcp-server lease
add address=192.168.88.110 client-id=1:0:25:22:c2:2d:69 mac-address=\
00:25:22:C2:2D:69 server=dhcp_local
add address=192.168.88.115 client-id=1:d4:3d:7e:e0
4d mac-address=\
D4:3D:7E:E0:DE:4D server=dhcp_local
add address=192.168.88.100 client-id=1:90:2b:34:5e:e:ba mac-address=\
90:2B:34:5E:0E:BA server=dhcp_local
add address=192.168.88.105 client-id=1:44:8a:5b:99:74:fe mac-address=\
44:8A:5B:99:74:FE server=dhcp_local
add address=192.168.88.102 client-id=1:1c:bb:a8:12:12:96 mac-address=\
1C:BB:A8:12:12:96 server=dhcp_local
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment=\
" defconf: accept established, related, untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=input comment=" defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment=" defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
" defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=input comment=TTK connection-state=new \
in-interface=pppoe-ttk new-connection-mark=Input/TTK passthrough=yes
add action=mark-routing chain=output connection-mark=Input/TTK \
new-routing-mark=TTK passthrough=no
add action=mark-connection chain=forward connection-state=new in-interface=\
pppoe-ttk new-connection-mark=Forward/TTK passthrough=yes
add action=mark-routing chain=prerouting connection-mark=Forward/TTK \
new-routing-mark=TTK passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip route
add comment=TTK distance=2 gateway=pppoe-ttk routing-mark=TTK
/ip route rule
add dst-address=0.0.0.0/0 src-address=192.168.88.100/32 table=TTK
/system clock
set time-zone-name=Europe/Moscow
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN