/interface bridgeadd admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge/int

1. /interface bridge
2. add admin-mac=XX:XX:XX:XX:XX:XX auto-mac=no name=bridge
3. /interface wireless
4. set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode \
5. band=2ghz-onlyn basic-rates-a/g="" basic-rates-b="" channel-width=\
6. 20/40mhz-eC country=ukraine disabled=no distance=indoors frequency=2472 \
7. hw-protection-mode=rts-cts mode=ap-bridge multicast-helper=full name=wlan \
8. ssid=XXXXXX supported-rates-a/g="" supported-rates-b="" \
9. wireless-protocol=802.11 wmm-support=enabled
10. /interface ethernet
11. set [ find default-name=ether2 ] name=lan1
12. set [ find default-name=ether3 ] master-port=lan1 name=lan2
13. set [ find default-name=ether4 ] master-port=lan1 name=lan3
14. set [ find default-name=ether1 ] name=wan
15. /interface pppoe-client
16. add add-default-route=yes disabled=no interface=wan name=pppoe-internet \
17. password=XXXXXX use-peer-dns=yes user=XXXXXX
18. /interface wireless nstreme
19. set wlan enable-polling=no
20. /ip neighbor discovery
21. set wan discover=no
22. set wlan discover=no
23. set pppoe-internet discover=no
24. /interface wireless security-profiles
25. set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys \
26. wpa2-pre-shared-key=XXXXXXX
27. /ip pool
28. add name=dhcp-pool ranges=192.168.88.10-192.168.88.254
29. /ip dhcp-server
30. add address-pool=dhcp-pool disabled=no interface=bridge lease-time=3d name=\
31. dhcp-server
32. /interface bridge port
33. add bridge=bridge interface=lan1
34. add bridge=bridge interface=wlan
35. /ip address
36. add address=192.168.88.1/24 interface=bridge network=192.168.88.0
37. /ip cloud
38. set ddns-enabled=yes
39. /ip dhcp-client
40. add dhcp-options=hostname,clientid disabled=no interface=wan
41. /ip dhcp-server network
42. add address=192.168.88.0/24 dns-server=192.168.88.1 gateway=192.168.88.1 \
43. netmask=24
44. /ip dns
45. set allow-remote-requests=yes servers=194.143.136.1,194.143.136.2
46. /ip dns static
47. add address=192.168.88.1 name=router
48. /ip firewall address-list
49. add address=46.250.0.0/19 list=briz-list
50. add address=109.200.224.0/19 list=briz-list
51. add address=185.6.184.0/22 list=briz-list
52. add address=194.143.136.0/23 list=briz-list
53. add address=195.66.216.0/21 list=briz-list
54. add address=213.231.0.0/18 list=briz-list
55. add address=94.74.100.0/22 list=briz-list
56. add address=94.74.104.0/22 list=briz-list
57. add address=94.74.120.0/21 list=briz-list
58. add address=195.66.212.0/22 list=briz-list
59. add address=172.17.0.0/16 list=briz-local-list
60. add address=172.18.0.0/16 list=briz-local-list
61. add address=172.19.0.0/16 list=briz-local-list
62. /ip firewall filter
63. add chain=input comment="Enable access port Winbox of PPPoE" dst-port=18291 \
64. in-interface=pppoe-internet protocol=tcp src-address-list=briz-list
65. add chain=input comment="Enable access port Winbox of WAN" dst-port=18291 \
66. in-interface=wan protocol=tcp src-address-list=briz-local-list
67. add chain=input comment="Enable PING" icmp-options=8 protocol=icmp
68. add chain=input comment="Enable IPTV" in-interface=wan protocol=igmp
69. add chain=forward dst-port=1234 in-interface=wan protocol=udp
70. add chain=forward in-interface=wan protocol=igmp
71. add chain=input comment="Enable establieshed,related connections" \
72. connection-state=established,related
73. add action=drop chain=input comment="Drop all from WAN" in-interface=wan
74. add action=drop chain=input comment="Drop all from PPPoE" in-interface=\
75. pppoe-internet
76. add chain=forward comment="Enable establieshed,related connections" \
77. connection-state=established,related
78. add action=fasttrack-connection chain=forward comment=Fasttrack \
79. connection-state=established,related
80. add action=drop chain=forward comment="Drop invalid connection packets" \
81. connection-state=invalid
82. add action=drop chain=forward comment="Drop all from WAN not DSTNATed" \
83. connection-nat-state=!dstnat connection-state=new in-interface=wan
84. add action=drop chain=forward comment="Drop all from PPPoE not DSTNATed" \
85. connection-nat-state=!dstnat connection-state=new in-interface=\
86. pppoe-internet
87. /ip firewall nat
88. add action=masquerade chain=srcnat comment="NAT LOCAL ISP" out-interface=wan
89. add action=masquerade chain=srcnat comment="NAT INTERNET" out-interface=\
90. pppoe-internet
91. /ip firewall service-port
92. set ftp disabled=yes
93. set tftp disabled=yes
94. set irc disabled=yes
95. set h323 disabled=yes
96. set sip disabled=yes
97. set pptp disabled=yes
98. /ip service
99. set telnet disabled=yes
100. set ftp disabled=yes
101. set www disabled=yes
102. set ssh disabled=yes
103. set api disabled=yes
104. set winbox port=18291
105. set api-ssl disabled=yes
106. /routing igmp-proxy
107. set query-interval=1m quick-leave=yes
108. /routing igmp-proxy interface
109. add comment="Downstream IPTV" interface=bridge
110. add alternative-subnets=172.17.24.0/24,10.255.5.0/24 comment="Upstream IPTV" \
111. interface=wan upstream=yes
112. /system clock
113. set time-zone-name=Europe/Kiev
114. /system ntp client
115. set enabled=yes primary-ntp=91.218.89.74 secondary-ntp=62.149.0.30
116. /system routerboard settings
117. set cpu-frequency=650MHz protected-routerboot=disabled
118. /tool bandwidth-server
119. set authenticate=no enabled=no
120. /tool mac-server
121. set [ find default=yes ] disabled=yes
122. add interface=bridge
123. /tool mac-server mac-winbox
124. set [ find default=yes ] disabled=yes
125. add interface=bridge