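  # 2025-03-05 07:19:37 by RouterOS 7.15.2
  # software id = RXYN-4HJK
  #
  # model = wAPG-5HaxD2HaxD
  # serial number =
  #
  # Exported configuration of a dual-radio access point that also routes and
  # NATs: ether2 and both radios are bridged as LAN, ether1 is the DHCP-client
  # WAN uplink. The serial number was blanked before posting; the software id
  # above and the bridge MAC below are still device-specific values.
  /interface bridge
  # Bridge MAC is pinned (auto-mac=no) rather than derived automatically.
  add admin-mac=F4:1E:57:60:CF:DF auto-mac=no comment=defconf name=bridge
  /interface wifi
  # Both radios advertise the same SSID in WPA2/WPA3 transition mode with
  # 802.11r fast transition (also over the DS). No passphrase appears in this
  # export; RouterOS 7 omits sensitive values unless show-sensitive is given,
  # so confirm on the device that one is set. While wpa2-psk stays enabled the
  # network is only as strong as that passphrase: keep it long and random, or
  # drop wpa2-psk once every client supports WPA3.
  set [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \
      configuration.country=Australia .mode=ap .ssid="Routers of Rohan" \
      disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes \
      .ft-over-ds=yes
  set [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \
      configuration.country=Australia .mode=ap .ssid="Routers of Rohan" \
      disabled=no security.authentication-types=wpa2-psk,wpa3-psk .ft=yes \
      .ft-over-ds=yes
  /interface list
  # WAN and LAN are the interface lists the firewall and NAT rules match on.
  add comment=defconf name=WAN
  add comment=defconf name=LAN
  /ip pool
  add name=default-dhcp ranges=192.168.88.10-192.168.88.254
  /ip dhcp-server
  add address-pool=default-dhcp interface=bridge name=defconf
  /interface bridge port
  add bridge=bridge comment=defconf interface=ether2
  add bridge=bridge comment=defconf interface=wifi1
  add bridge=bridge comment=defconf interface=wifi2
  /interface list member
  # Only the bridge is LAN and only ether1 is WAN; an interface in neither list
  # is treated as "not LAN" by the input-chain drop rules.
  add comment=defconf interface=bridge list=LAN
  add comment=defconf interface=ether1 list=WAN
  /ip address
  # 192.168.88.246 lies inside the default-dhcp pool range above.
  # NOTE(review): confirm the DHCP server cannot lease it to a client.
  add address=192.168.88.246/24 comment=defconf interface=bridge \
      network=192.168.88.0
  /ip dhcp-client
  add comment=defconf interface=ether1
  /ip dhcp-server network
  # LAN clients are handed the router as both gateway and DNS server.
  add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.246 \
      gateway=192.168.88.246 netmask=24
  /ip dns
  # allow-remote-requests=yes makes the router answer DNS queries on every
  # interface; the chain=input rules under /ip firewall filter are what keep
  # the resolver from being reachable from WAN.
  set allow-remote-requests=yes
  /ip dns static
  add address=192.168.88.246 comment=defconf name=router.lan
  /ip firewall filter
  # The export contained no chain=input rules for IPv4, so with the default
  # accept policy the router itself (the DNS resolver above and any enabled
  # management service) took new connections from WAN, while the IPv6 input
  # chain further down was already limited to LAN. The five rules that follow
  # are the stock defconf input chain and close that gap. Management from the
  # WAN side, if it is really needed, should be a specific accept rule placed
  # before the final drop and limited by source address.
  add action=accept chain=input comment=\
      "defconf: accept established,related,untracked" \
      connection-state=established,related,untracked
  add action=drop chain=input comment="defconf: drop invalid" \
      connection-state=invalid
  add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
  add action=accept chain=input comment=\
      "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
  add action=drop chain=input comment=\
      "defconf: drop all not coming from LAN" in-interface-list=!LAN
  # Forward chain, unchanged from the export.
  add action=accept chain=forward comment="defconf: accept in ipsec policy" \
      ipsec-policy=in,ipsec
  add action=accept chain=forward comment="defconf: accept out ipsec policy" \
      ipsec-policy=out,ipsec
  add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
      connection-state=established,related hw-offload=yes
  add action=accept chain=forward comment=\
      "defconf: accept established,related, untracked" \
      connection-state=established,related,untracked
  add action=drop chain=forward comment="defconf: drop invalid" \
      connection-state=invalid
  # New connections from WAN are forwarded only when a dst-nat rule matched
  # them, so every dst-nat entry (static or created by UPnP) is an opening.
  add action=drop chain=forward comment=\
      "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
      connection-state=new in-interface-list=WAN
  /ip firewall nat
  add action=masquerade chain=srcnat comment="defconf: masquerade" \
      ipsec-policy=out,none out-interface-list=WAN
  /ip upnp
  # UPnP lets any LAN host request port forwards on ether1 without
  # authentication, and the forward chain accepts DSTNATed WAN traffic.
  # Disable it unless a client depends on it; if it stays on, review the
  # dynamic entries under /ip firewall nat periodically.
  set enabled=yes
  /ip upnp interfaces
  add interface=bridge type=internal
  add interface=ether1 type=external
  /ipv6 firewall address-list
  # Source/destination prefixes that the IPv6 forward chain drops.
  add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
  add address=::1/128 comment="defconf: lo" list=bad_ipv6
  add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
  add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
  add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
  add address=100::/64 comment="defconf: discard only " list=bad_ipv6
  add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
  add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
  add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
  /ipv6 firewall filter
  # IPv6 input chain: a short allow-list, then drop everything not from LAN.
  add action=accept chain=input comment=\
      "defconf: accept established,related,untracked" \
      connection-state=established,related,untracked
  add action=drop chain=input comment="defconf: drop invalid" \
      connection-state=invalid
  add action=accept chain=input comment="defconf: accept ICMPv6" \
      protocol=icmpv6
  add action=accept chain=input comment="defconf: accept UDP traceroute" \
      dst-port=33434-33534 protocol=udp
  add action=accept chain=input comment=\
      "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 \
      protocol=udp src-address=fe80::/10
  # IKE, AH and ESP are accepted from any interface; no IPsec peer is shown in
  # this export. NOTE(review): remove these three if IPsec is not in use.
  add action=accept chain=input comment="defconf: accept IKE" \
      dst-port=500,4500 protocol=udp
  add action=accept chain=input comment="defconf: accept ipsec AH" \
      protocol=ipsec-ah
  add action=accept chain=input comment="defconf: accept ipsec ESP" \
      protocol=ipsec-esp
  add action=accept chain=input comment=\
      "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
  add action=drop chain=input comment=\
      "defconf: drop everything else not coming from LAN" \
      in-interface-list=!LAN
  # IPv6 forward chain: same allow-list pattern, plus the bad_ipv6 drops.
  add action=accept chain=forward comment=\
      "defconf: accept established,related,untracked" \
      connection-state=established,related,untracked
  add action=drop chain=forward comment="defconf: drop invalid" \
      connection-state=invalid
  add action=drop chain=forward comment=\
      "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
  add action=drop chain=forward comment=\
      "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
  add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
      hop-limit=equal:1 protocol=icmpv6
  add action=accept chain=forward comment="defconf: accept ICMPv6" \
      protocol=icmpv6
  add action=accept chain=forward comment="defconf: accept HIP" protocol=139
  add action=accept chain=forward comment="defconf: accept IKE" \
      dst-port=500,4500 protocol=udp
  add action=accept chain=forward comment="defconf: accept ipsec AH" \
      protocol=ipsec-ah
  add action=accept chain=forward comment="defconf: accept ipsec ESP" \
      protocol=ipsec-esp
  add action=accept chain=forward comment=\
      "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
  add action=drop chain=forward comment=\
      "defconf: drop everything else not coming from LAN" \
      in-interface-list=!LAN
  /system note
  set show-at-login=no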