/interface list add name=WAN comment="defconf"/interface list add name=LAN com

1. /interface list add name=WAN comment="defconf"
2. /interface list add name=LAN comment="defconf"
3. /ip firewall {
4. filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
5. filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
6. filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
7. filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
8. filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
9. filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
10. filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
11. filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
12. filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
13. filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
14. filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
15. }
16. /ip neighbor discovery-settings set discover-interface-list=LAN
17. /tool mac-server set allowed-interface-list=LAN
18. /tool mac-server mac-winbox set allowed-interface-list=LAN
19.  
20.  
21.