:global Identity "UgorMagazinprodukt";:global SSIDName "Kuzmino";:global SSI

1. :global Identity "UgorMagazinprodukt";
2. :global SSIDName "Kuzmino";
3. :global SSIDpass "14062017";
4. :global RadioName "UgorMagazinprodukt";
5. :global ClientFttx "fttx2416";
6. :global FttxPass "87071934";
7. /interface bridge add name=bridge1
8. /interface bridge port add bridge=bridge1 interface=wlan1
9. /interface wireless set [ find default-name=wlan1 ] adaptive-noise-immunity=ap-and-client-mode band=5ghz-a/n channel-width=20/40mhz-Ce country=russia disabled=no frequency-mode=regulatory-domain guard-interval=long hw-protection-mode=rts-cts mode=station-wds multicast-helper=full nv2-preshared-key=$SSIDpass nv2-security=enabled radio-name=$RadioName rate-set=configured scan-list=4900-6000 ssid=$SSIDName wds-default-bridge=bridge1 wds-mode=dynamic wireless-protocol=nv2-nstreme-802.11 wmm-support=enabled
10. /interface wireless nstreme set wlan1 enable-nstreme=yes
11. /interface pppoe-client add add-default-route=yes allow=chap disabled=no interface=bridge1 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 password=$FttxPass use-peer-dns=yes user=$ClientFttx
12. /interface wireless security-profiles set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=$SSIDpass wpa2-pre-shared-key=$SSIDpass
13. /ip neighbor discovery set pppoe-out1 discover=no
14. /ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-128-cbc
15. /ip address add address=192.168.77.1/24 interface=ether1 network=192.168.77.0
16. /ip pool add name=dhcp_pool1 ranges=192.168.77.2-192.168.77.254
17. /ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=ether1 lease-time=3d name=dhcp1
18. /snmp community set [ find default=yes ] name=monitor
19. /user group add name=engineer policy="local,telnet,ssh,ftp,reboot,read,write,test,winbox,web,sniff,sensitive,romon,dude,tikapp,!policy,!password,!api"
20. /ip dhcp-server network add address=192.168.77.0/24 dns-server=192.168.77.1,8.8.8.8 gateway=192.168.77.1 ntp-server=66.187.233.4,128.138.141.172
21. /ip dns set allow-remote-requests=yes cache-size=4096KiB servers=77.88.8.8,8.8.8.8
22. /ip firewall filter add action=drop chain=input connection-state=invalid
23. /ip firewall filter add chain=input protocol=icmp
24. /ip firewall filter add action=accept chain=input connection-state=new dst-port=80,8291,22 in-interface=pppoe-out1 protocol=tcp src-address=192.168.0.0/16
25. /ip firewall filter add chain=input connection-state=established,related
26. /ip firewall filter add action=accept chain=forward connection-state=established,related
27. /ip firewall filter add chain=output connection-state=!invalid
28. /ip firewall filter add chain=forward connection-state=established,new in-interface=ether1 out-interface=pppoe-out1 src-address=192.168.77.0/24
29. /ip firewall filter add chain=forward connection-state=established,related in-interface=pppoe-out1 out-interface=ether1
30. /ip firewall filter add action=drop chain=input in-interface=pppoe-out1
31. /ip firewall filter add action=drop chain=forward
32. /ip firewall nat add action=masquerade chain=srcnat
33. /ip service set telnet address=192.168.10.0/24
34. /ip service set ftp address=192.168.10.0/24
35. /ip service set www address=192.168.0.0/16
36. /ip service set ssh address=192.168.10.0/24
37. /ip service set api disabled=yes
38. /ip service set winbox address=192.168.0.0/16
39. /ip service set api-ssl disabled=yes
40. /ip upnp set allow-disable-external-interface=yes enabled=yes
41. /ip upnp interfaces add interface=ether1 type=internal
42. /ip upnp interfaces add interface=pppoe-out1 type=external
43. /snmp set enabled=yes trap-version=2
44. /system clock set time-zone-autodetect=no time-zone-name=Etc/GMT-3
45. /system identity set name=$Identity
46. /system ntp client set enabled=yes primary-ntp=192.168.10.1 secondary-ntp=66.187.233.4