RB5009 in the hands of a newbie, Gateway problem

If I may, it is not a good idea to connect a router to the internet without a proper set of firewall rules.
You should first thing add these (they are the default ones from Mikrotik for other devices, adapted for your case):
When fiddling with a Mikrotik with only one interface as WAN and all the rest in a LAN bridge, it is extremely easy to get locked out by the firewall filter rules or by some other limitations, so the usual advice is to take a port (let’s say ether8 in your case) out of the bridge and categorize it as MGMT, besides LAN.
This snippet “categorizes” interfaces and explicitly allows Winbox on the LAN bridge and ether8 (later ether8 will become only MGMT interface).

/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add comment=defconf name=MGMT

/interface list member
add interface="ether1 -WAN" list=WAN
add interface="bridge- LAN"  list=LAN
add interface=ether8 list=LAN
add interface=ether8 list=MGMT

/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

Though personally I would get rid of the space (and of the double quotes) in the names of interfaces; ether1_WAN and bridge_LAN remain perfectly readable.

Then the basic default firewall filter rules:

/ip firewall filter
add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"

Then I would add an address like 192.168.88.1/24 to ether8, so that you can manually connect to it by setting your PC to 192.168.88.2; Winbox should be able to connect to it via MAC no matter the IP address.


Be careful when making these changes: try them first in Safe mode and check that you still have a connection to the RB5009.
If you have doubts, ask before making them.
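
An added example, not part of the original post: a small Python model of first-match evaluation over the input-chain rules above, showing which interfaces can open a new IP connection to the router and how ether8 gets locked out if it leaves the LAN list with no accept rule for MGMT. The `mgmt_only` scenario is a constructed what-if, and only the matchers used in the post are modelled; MAC Winbox is governed by the mac-server allowed-interface-list, not by these filter rules.

```python
# Added example (not from the original post): first-match evaluation of the
# input chain above for a NEW connection, to see which interfaces can reach
# the router. Only the matchers used in the post's rules are modelled.
LISTS = {  # interface list membership, as configured in the post
    "WAN": {"ether1 -WAN"},
    "LAN": {"bridge- LAN", "ether8"},
    "MGMT": {"ether8"},
}

INPUT_RULES = [  # the input-chain rules from the post, in order
    {"action": "accept", "connection-state": {"established", "related", "untracked"}},
    {"action": "drop", "connection-state": {"invalid"}},
    {"action": "accept", "protocol": "icmp"},
    {"action": "accept", "dst-address": "127.0.0.1"},
    {"action": "drop", "in-interface-list": "!LAN"},
]

def matches(rule, pkt, lists):
    """True if every matcher present in the rule matches the packet."""
    if "connection-state" in rule and pkt["state"] not in rule["connection-state"]:
        return False
    if "protocol" in rule and pkt["protocol"] != rule["protocol"]:
        return False
    if "dst-address" in rule and pkt["dst"] != rule["dst-address"]:
        return False
    if "in-interface-list" in rule:
        spec = rule["in-interface-list"]
        negate, name = spec.startswith("!"), spec.lstrip("!")
        in_list = pkt["in_interface"] in lists.get(name, set())
        if in_list == negate:  # "!LAN" matches only interfaces outside LAN
            return False
    return True

def verdict(in_interface, lists=LISTS, rules=INPUT_RULES, protocol="tcp",
            state="new", dst="192.168.88.1"):
    """First matching rule wins; RouterOS accepts when no rule matches."""
    pkt = {"in_interface": in_interface, "protocol": protocol, "state": state, "dst": dst}
    for rule in rules:
        if matches(rule, pkt, lists):
            return rule["action"]
    return "accept"

if __name__ == "__main__":
    for iface in ("ether1 -WAN", "bridge- LAN", "ether8"):
        print(f"{iface!r}: {verdict(iface)}")
    # Constructed what-if: ether8 taken out of LAN with no accept rule for MGMT
    mgmt_only = {**LISTS, "LAN": {"bridge- LAN"}}
    print("ether8 as MGMT only:", verdict("ether8", lists=mgmt_only))
```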