Finally got my hands on the configration.
Code:
# 2025-03-17 02:09:22 by RouterOS 7.18.1# software id = 4EI5-7FHT## model = C53UiG+5HPaxD2HPaxD/interface bridgeadd admin-mac=F4:1E:57:2C:EE:22 auto-mac=no comment=defconf name=bridge/interface wifiset [ find default-name=wifi1 ] channel.skip-dfs-channels=10min-cac \ configuration.country=Sweden .mode=ap .ssid=SSID disabled=no \ security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yesset [ find default-name=wifi2 ] channel.skip-dfs-channels=10min-cac \ configuration.country=Sweden .mode=ap .ssid=SSID-2G disabled=no \ security.authentication-types=wpa2-psk .ft=yes .ft-over-ds=yesadd configuration.mode=ap .ssid=SSID-Guest disabled=no mac-address=\ F6:1E:57:2C:EE:26 master-interface=wifi1 name=wifi3 \ security.authentication-types=wpa2-pskadd configuration.mode=ap .ssid=SSID-Guest disabled=no mac-address=\ F6:1E:57:2C:EE:27 master-interface=wifi2 name=wifi4 \ security.authentication-types=wpa2-psk/interface listadd comment=defconf name=WANadd comment=defconf name=LAN/ip pooladd name=default-dhcp ranges=192.168.88.10-192.168.88.254/ip dhcp-serveradd address-pool=default-dhcp interface=bridge name=defconf/disk settingsset auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes/interface bridge filteradd action=drop chain=forward in-interface=wifi3add action=drop chain=forward out-interface=wifi3add action=drop chain=forward in-interface=wifi4add action=drop chain=forward out-interface=wifi4/interface bridge portadd bridge=bridge comment=defconf interface=ether2add bridge=bridge comment=defconf interface=ether3add bridge=bridge comment=defconf interface=ether4add bridge=bridge comment=defconf interface=ether5add bridge=bridge comment=defconf interface=wifi1add bridge=bridge comment=defconf interface=wifi2add bridge=bridge interface=wifi3add bridge=bridge interface=wifi4/ip neighbor discovery-settingsset discover-interface-list=LAN/interface list memberadd comment=defconf interface=bridge list=LANadd comment=defconf interface=ether1 list=WAN/ip addressadd address=192.168.88.1/24 comment=defconf interface=bridge network=\ 192.168.88.0/ip dhcp-clientadd comment=defconf interface=ether1/ip dhcp-server networkadd address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\ 192.168.88.1/ip dnsset allow-remote-requests=yes/ip dns staticadd address=192.168.88.1 comment=defconf name=router.lan type=A/ip firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMP" protocol=icmpadd action=accept chain=input comment=\ "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1add action=drop chain=input comment="defconf: drop all not coming from LAN" \ in-interface-list=!LANadd action=accept chain=forward comment="defconf: accept in ipsec policy" \ ipsec-policy=in,ipsecadd action=accept chain=forward comment="defconf: accept out ipsec policy" \ ipsec-policy=out,ipsecadd action=fasttrack-connection chain=forward comment="defconf: fasttrack" \ connection-state=established,related hw-offload=yesadd action=accept chain=forward comment=\ "defconf: accept established,related, untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \ connection-state=new in-interface-list=WAN/ip firewall natadd action=masquerade chain=srcnat comment="defconf: masquerade" \ ipsec-policy=out,none out-interface-list=WAN/ipv6 firewall address-listadd address=::/128 comment="defconf: unspecified address" list=bad_ipv6add address=::1/128 comment="defconf: lo" list=bad_ipv6add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6add address=100::/64 comment="defconf: discard only " list=bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalidadd action=accept chain=input comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" \ dst-port=33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\ udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \ protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LANadd action=fasttrack-connection chain=forward comment="defconf: fasttrack6" \ connection-state=established,relatedadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untrackedadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalidadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\ icmpv6add action=accept chain=forward comment="defconf: accept HIP" protocol=139add action=accept chain=forward comment="defconf: accept IKE" dst-port=\ 500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\ ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\ ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsecadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" in-interface-list=\ !LAN/system clockset time-zone-name=Europe/Stockholm/system noteset show-at-login=no/system routerboard mode-buttonset enabled=yes on-event=dark-mode/system routerboard wps-buttonset enabled=yes on-event=wps-accept/system scriptadd comment=defconf dont-require-permissions=no name=dark-mode owner=*sys \ policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ source="\r\ \n :if ([system leds settings get all-leds-off] = \"never\") do={\r\ \n /system leds settings set all-leds-off=immediate \r\ \n } else={\r\ \n /system leds settings set all-leds-off=never \r\ \n }\r\ \n "add comment=defconf dont-require-permissions=no name=wps-accept owner=*sys \ policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \ source="\r\ \n :foreach iface in=[/interface/wifi find where (configuration.mode=\"a\ p\" && disabled=no)] do={\r\ \n /interface/wifi wps-push-button \$iface;}\r\ \n "/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LANStatistics: Posted by theseal — Thu Mar 27, 2025 10:52 pm