/interface bridgeadd admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge/i

1.  
2. /interface bridge
3. add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge
4. /interface wireless
5. set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
6. band=2ghz-onlyn basic-rates-a/g="" basic-rates-b="" channel-width=\
7. 20/40mhz-eC country=ukraine disabled=no distance=indoors frequency=2472 \
8. hw-protection-mode=rts-cts mode=ap-bridge multicast-helper=full name=wlan \
9. ssid=XXXXXX supported-rates-a/g="" supported-rates-b="" \
10. wireless-protocol=802.11 wmm-support=enabled
11. /interface ethernet
12. set [ find default-name=ether2 ] name=lan1
13. set [ find default-name=ether3 ] master-port=lan1 name=lan2
14. set [ find default-name=ether4 ] master-port=lan1 name=lan3
15. set [ find default-name=ether1 ] name=wan
16. /interface pppoe-client
17. add add-default-route=yes disabled=no interface=wan name=pppoe-internet \
18. password=XXXXXX use-peer-dns=yes user=XXXXXX
19. /interface wireless nstreme
20. set wlan enable-polling=no
21. /ip neighbor discovery
22. set wan discover=no
23. set wlan discover=no
24. set pppoe-internet discover=no
25. /interface wireless security-profiles
26. set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
27. wpa2-pre-shared-key=XXXXXXX
28. /ip pool
29. add name=dhcp-pool ranges=192.168.88.10-192.168.88.254
30. /ip dhcp-server
31. add address-pool=dhcp-pool disabled=no interface=bridge lease-time=3d name=\
32. dhcp-server
33. /interface bridge port
34. add bridge=bridge interface=lan1
35. add bridge=bridge interface=wlan
36. /ip address
37. add address=192.168.88.1/24 interface=bridge network=192.168.88.0
38. /ip cloud
39. set ddns-enabled=yes
40. /ip dhcp-client
41. add dhcp-options=hostname,clientid disabled=no interface=wan
42. /ip dhcp-server network
43. add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
44. netmask=24
45. /ip dns
46. set allow-remote-requests=yes servers=194.143.136.1,194.143.136.2
47. /ip dns static
48. add address=192.168.88.1 name=router
49. /ip firewall address-list
50. add address=46.250.0.0/19 list=briz-list
51. add address=109.200.224.0/19 list=briz-list
52. add address=185.6.184.0/22 list=briz-list
53. add address=194.143.136.0/23 list=briz-list
54. add address=195.66.216.0/21 list=briz-list
55. add address=213.231.0.0/18 list=briz-list
56. add address=94.74.100.0/22 list=briz-list
57. add address=94.74.104.0/22 list=briz-list
58. add address=94.74.120.0/21 list=briz-list
59. add address=195.66.212.0/22 list=briz-list
60. add address=172.17.0.0/16 list=briz-local-list
61. add address=172.18.0.0/16 list=briz-local-list
62. add address=172.19.0.0/16 list=briz-local-list
63. /ip firewall filter
64. add chain=input comment="Enable access port Winbox of PPPoE" dst-port=18291 \
65. in-interface=pppoe-internet protocol=tcp src-address-list=briz-list
66. add chain=input comment="Enable access port Winbox of WAN" dst-port=18291 \
67. in-interface=wan protocol=tcp src-address-list=briz-local-list
68. add chain=input comment="Enable PING" icmp-options=8 protocol=icmp
69. add chain=input comment="Enable IPTV" in-interface=wan protocol=igmp
70. add chain=forward dst-port=1234 in-interface=wan protocol=udp
71. add chain=forward in-interface=wan protocol=igmp
72. add chain=input comment="Enable establieshed,related connections" \
73. connection-state=established,related
74. add action=drop chain=input comment="Drop all from WAN" in-interface=wan
75. add action=drop chain=input comment="Drop all from PPPoE" in-interface=\
76. pppoe-internet
77. add action=fasttrack-connection chain=forward comment=Fasttrack \
78. connection-state=established,related
79. add chain=forward comment="Enable establieshed,related connections" \
80. connection-state=established,related
81. add action=drop chain=forward comment="Drop invalid connection packets" \
82. connection-state=invalid
83. add action=drop chain=forward comment="Drop all from WAN not DSTNATed" \
84. connection-nat-state=!dstnat connection-state=new in-interface=wan
85. add action=drop chain=forward comment="Drop all from PPPoE not DSTNATed" \
86. connection-nat-state=!dstnat connection-state=new in-interface=\
87. pppoe-internet
88. /ip firewall nat
89. add action=masquerade chain=srcnat comment="NAT LOCAL ISP" out-interface=wan
90. add action=masquerade chain=srcnat comment="NAT INTERNET" out-interface=\
91. pppoe-internet
92. /ip firewall service-port
93. set ftp disabled=yes
94. set tftp disabled=yes
95. set irc disabled=yes
96. set h323 disabled=yes
97. set sip disabled=yes
98. set pptp disabled=yes
99. /ip service
100. set telnet disabled=yes
101. set ftp disabled=yes
102. set www disabled=yes
103. set ssh disabled=yes
104. set api disabled=yes
105. set winbox port=18291
106. set api-ssl disabled=yes
107. /routing igmp-proxy
108. set query-interval=1m quick-leave=yes
109. /routing igmp-proxy interface
110. add comment="Downstream IPTV" interface=bridge
111. add alternative-subnets=172.17.24.0/24,10.255.5.0/24 comment="Upstream IPTV" \
112. interface=wan upstream=yes
113. /system clock
114. set time-zone-name=Europe/Kiev
115. /system ntp client
116. set enabled=yes primary-ntp=91.218.89.74 secondary-ntp=62.149.0.30
117. /system routerboard settings
118. set cpu-frequency=650MHz protected-routerboot=disabled
119. /tool bandwidth-server
120. set authenticate=no enabled=no
121. /tool mac-server
122. set [ find default=yes ] disabled=yes
123. add interface=bridge
124. /tool mac-server mac-winbox
125. set [ find default=yes ] disabled=yes
126. add interface=bridge