See my export of my router below, the section "/interface wifi capsman" part is in the export:
# 2023-12-26 21:47:16 by RouterOS 7.13
# software id = 7Z28-IETK
#
# model = C52iG-5HaxD2HaxD
# serial number = HEP099KCHF8
/interface bridge
add comment=WAN name=br_WAN_ISP port-cost-mode=short
add comment=WAN name=br_WAN_LTE port-cost-mode=short
add comment="Guest network" ingress-filtering=no name=br_guest \
port-cost-mode=short vlan-filtering=yes
add comment="LAN network" ingress-filtering=no name=br_lan port-cost-mode=\
short vlan-filtering=yes
add comment=OOB name=br_local port-cost-mode=short
/interface wireguard
add comment=back-to-home-vpn listen-port=43955 mtu=1420 name=back-to-home-vpn
/interface vlan
add interface=ether1 name=ether1_vl_GUEST vlan-id=70
add interface=ether1 name=ether1_vl_LAN vlan-id=60
add interface=ether1 name=ether1_vl_WAN_LTE vlan-id=50
add interface=ether3 name=ether3_vl_GUEST vlan-id=70
add interface=ether3 name=ether3_vl_LAN vlan-id=60
add interface=ether4 name=ether4_vl_GUEST vlan-id=70
add interface=ether4 name=ether4_vl_LAN vlan-id=60
add interface=ether5 name=ether5_vl_local vlan-id=70
add interface=br_guest name="vl_GUEST on br_GUEST" vlan-id=70
add interface=br_lan name="vl_LAN on br_LAN" vlan-id=60
/interface list
add name=LEASES
add name=UNTRUSTED
add name=WAN
add name=LAN
/interface wifi channel
add band=2ghz-ax disabled=no name=ch_2.4Ghz width=20mhz
add band=5ghz-ax disabled=no name=ch_5Ghz width=20/40/80mhz
/interface wifi datapath
add bridge=br_lan disabled=no name="br_LAN - VLAN 60" vlan-id=60
add bridge=br_guest disabled=no name="br_GUEST - VLAN 70" vlan-id=70
/interface wifi security
add authentication-types=wpa2-psk connect-priority=0 disabled=no name=\
seccfg_Cussangy
add authentication-types=wpa2-psk connect-priority=0 disabled=no name=\
seccfg_Cussangy_guest
/interface wifi
set [ find default-name=wifi2 ] configuration.country=France .mode=ap .ssid=\
Cussangy datapath.bridge=br_lan disabled=no name=Router_Cussangy_2.4Ghz \
security=seccfg_Cussangy security.connect-priority=0
set [ find default-name=wifi1 ] configuration.country=France .mode=ap .ssid=\
Cussangy datapath.bridge=br_lan disabled=no name=Router_Cussangy_5Ghz \
security=seccfg_Cussangy security.connect-priority=0
add configuration.mode=ap .ssid=Cussangy_guest datapath.bridge=br_guest \
disabled=no mac-address=7A:9A:18:01:AE:31 master-interface=\
Router_Cussangy_2.4Ghz name=Router_Cussangy_guest_2.4Ghz security=\
seccfg_Cussangy_guest security.connect-priority=0
add configuration.mode=ap .ssid=Cussangy_guest datapath.bridge=br_guest \
disabled=no mac-address=7A:9A:18:01:AE:2F master-interface=\
Router_Cussangy_5Ghz name=Router_Cussangy_guest_5Ghz security=\
seccfg_Cussangy_guest security.connect-priority=0
/interface wifi configuration
add datapath="br_LAN - VLAN 60" disabled=no mode=ap name=cfg_Cussangy_2.4Ghz \
security=seccfg_Cussangy security.connect-priority=0 ssid=Cussangy
add channel=ch_5Ghz country=France datapath="br_LAN - VLAN 60" disabled=no \
mode=ap name=cfg_Cussangy_5Ghz security=seccfg_Cussangy \
security.connect-priority=0 ssid=Cussangy
add channel=ch_2.4Ghz country=France datapath="br_GUEST - VLAN 70" disabled=\
no mode=ap name=cfg_Cussangy_guest_2.4Ghz security=seccfg_Cussangy_guest \
security.connect-priority=0 ssid=Cussangy_guest
add channel=ch_5Ghz country=France datapath="br_GUEST - VLAN 70" disabled=no \
mode=ap name=cfg_Cussangy_guest_5Ghz security=seccfg_Cussangy_guest \
security.connect-priority=0 ssid=Cussangy_guest
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha512 name=\
profile1 proposal-check=strict
/ip ipsec peer
add address=bpnet.duckdns.org exchange-mode=ike2 name=bpnet profile=profile1
/ip ipsec proposal
add auth-algorithms="" enc-algorithms=aes-128-gcm lifetime=1h name=proposal1 \
pfs-group=modp2048
/ip pool
add name=dhcp_local ranges=192.168.77.10-192.168.77.250
add name=dhcp_lan ranges=192.168.60.10-192.168.60.250
add name=dhcp_guest ranges=192.168.70.10-192.168.70.250
/ip dhcp-server
add address-pool=dhcp_local interface=br_local lease-time=1h name=dhcp_local
add address-pool=dhcp_lan interface=br_lan lease-time=1d name=dhcp_lan
add address-pool=dhcp_guest interface=br_guest name=dhcp_guest
/user group
add name=homeassistant policy="read,test,api,!local,!telnet,!ssh,!ftp,!reboot,\
!write,!policy,!winbox,!password,!web,!sniff,!sensitive,!romon,!rest-api"
/interface bridge port
add bridge=br_WAN_ISP disabled=yes interface=ether2 internal-path-cost=10 \
path-cost=10
add bridge=br_WAN_LTE interface=ether1_vl_WAN_LTE internal-path-cost=10 \
path-cost=10
add bridge=br_lan interface=ether3_vl_LAN internal-path-cost=10 path-cost=10
add bridge=br_lan interface=ether4_vl_LAN internal-path-cost=10 path-cost=10
add bridge=br_local interface=ether5_vl_local internal-path-cost=10 \
path-cost=10
add bridge=br_guest interface=ether3_vl_GUEST internal-path-cost=10 \
path-cost=10
add bridge=br_guest interface=ether4_vl_GUEST internal-path-cost=10 \
path-cost=10
add bridge=br_local disabled=yes interface=ether5 internal-path-cost=10 \
path-cost=10
add bridge=br_lan disabled=yes interface=ether3 internal-path-cost=10 \
path-cost=10
add bridge=br_lan disabled=yes interface=ether4 internal-path-cost=10 \
path-cost=10
add bridge=br_guest interface=ether1_vl_GUEST internal-path-cost=10 \
path-cost=10
add bridge=br_lan interface=ether1_vl_LAN internal-path-cost=10 path-cost=10
add bridge=br_local interface=ether5 internal-path-cost=10 path-cost=10
add bridge=br_lan interface=ether2
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface detect-internet
set wan-interface-list=WAN
/interface list member
add disabled=yes interface=br_guest list=LEASES
add interface=br_WAN_LTE list=UNTRUSTED
add interface=br_WAN_ISP list=UNTRUSTED
add disabled=yes interface=br_guest list=UNTRUSTED
add interface=br_WAN_ISP list=WAN
add interface=br_WAN_LTE list=WAN
/interface wifi access-list
add action=accept comment="Accept rule" disabled=no signal-range=-90..-10 \
time=0s-1d,sun,mon,tue,wed,thu,fri,sat
add action=reject comment="Reject rule" disabled=no signal-range=-120..-90 \
time=0s-1d,sun,mon,tue,wed,thu,fri,sat
/interface wifi cap
set caps-man-names=2.4-Cussangy discovery-interfaces=all enabled=yes
/interface wifi capsman
set enabled=yes interfaces=all package-path="" require-peer-certificate=no \
upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled comment=APCussangyBureau5Ghz disabled=no \
master-configuration=cfg_Cussangy_5Ghz name-format=AP_Bureau_5Ghz \
radio-mac=48:A9:8A:92:7B:F5 slave-configurations=cfg_Cussangy_guest_5Ghz
add action=create-dynamic-enabled comment=APCussangyBureau2.4Ghz disabled=no \
master-configuration=cfg_Cussangy_2.4Ghz name-format=AP_Bureau_2.4Ghz \
radio-mac=48:A9:8A:92:7B:F6 slave-configurations=\
cfg_Cussangy_guest_2.4Ghz
add action=create-dynamic-enabled comment=APCussangyBoven5Ghz disabled=no \
master-configuration=cfg_Cussangy_5Ghz name-format=AP_Boven_5Ghz \
radio-mac=48:A9:8A:B8:F2:29 slave-configurations=cfg_Cussangy_guest_5Ghz
add action=create-dynamic-enabled comment=APCussangyBoven2.4Ghz disabled=no \
master-configuration=cfg_Cussangy_2.4Ghz name-format=AP_Boven_2.4Ghz \
radio-mac=48:A9:8A:B8:F2:2A slave-configurations=\
cfg_Cussangy_guest_2.4Ghz
/interface wireguard peers
add allowed-address=192.168.216.3/32,fc00:0:0:216::3/128 client-address=\
192.168.216.3/32,fc00:0:0:216::3/128 client-dns=192.168.216.1 \
client-endpoint=hep099kchf8.vpn.mynetname.net client-keepalive=30s \
comment="RouterCussangy | samsung SM-S901B" interface=back-to-home-vpn \
persistent-keepalive=30s private-key=\
"kOnGRkkmHF57J4ItY44BhSTcgfLH+9tgXWJA3l6s628=" public-key=\
"yuSjX+e/CXlIWf58G9pTp2dyqgPIRsywKJd+k6xefBU="
add allowed-address=192.168.216.5/32,fc00:0:0:216::5/128 client-address=\
192.168.216.5/32,fc00:0:0:216::5/128 client-dns=192.168.216.1 \
client-endpoint=hep099kchf8.vpn.mynetname.net client-keepalive=30s \
comment="BjornPC | samsung SM-S901B" interface=back-to-home-vpn \
persistent-keepalive=30s private-key=\
"aDmBo2O0lMUKTyP5LD4mWWuPvHW8m8VKx3Dib+gpm2g=" public-key=\
"4aRPQ0KHaOqD4dKuPt10vg5j2WW94JUvrKIvBnox0m4="
add allowed-address=192.168.216.4/32,fc00:0:0:216::4/128 client-address=\
192.168.216.4/32,fc00:0:0:216::4/128 client-dns=192.168.216.1 \
client-endpoint=hep099kchf8.vpn.mynetname.net client-keepalive=30s \
comment="BjornPC | samsung SM-S901B" interface=back-to-home-vpn \
persistent-keepalive=30s private-key=\
"mBrFwwQOswSP9AM0KrMK19oP54lXEkIUE5UefU9bo1o=" public-key=\
"mmbD54Qgxfs9Y1F+WZzmmcFIvxJ68HsZGSYSzaPuRDg="
/ip address
add address=192.168.77.254/24 interface=br_local network=192.168.77.0
add address=192.168.60.254/24 interface=br_lan network=192.168.60.0
add address=192.168.70.254/24 interface=br_guest network=192.168.70.0
add address=192.168.80.1/24 interface=*16 network=192.168.80.0
/ip cloud
set back-to-home-vpn=enabled ddns-enabled=yes ddns-update-interval=10m
/ip dhcp-client
add interface=br_WAN_ISP use-peer-dns=no
add interface=br_WAN_LTE
/ip dhcp-server lease
add address=192.168.60.250 client-id=1:48:a9:8a:92:7b:f0 mac-address=\
48:A9:8A:92:7B:F0 server=dhcp_lan
add address=192.168.60.251 client-id=1:48:a9:8a:b8:f2:24 mac-address=\
48:A9:8A:B8:F2:24 server=dhcp_lan
/ip dhcp-server network
add address=192.168.60.0/24 comment=net_lan dns-server=192.168.60.254 domain=\
lan.cussangy.local gateway=192.168.60.254 netmask=24
add address=192.168.70.0/24 comment=net_guest dns-server=192.168.70.254 \
domain=guest.cussangy.local gateway=192.168.70.254 netmask=24
add address=192.168.77.0/24 comment=net_oob dns-server=192.168.77.1 gateway=\
192.168.77.1
/ip dns
set allow-remote-requests=yes servers=193.190.198.14,1.1.1.1
/ip firewall address-list
add address=172.16.0.0/12 list=RFC1918
add address=192.168.0.0/16 list=RFC1918
add address=10.0.0.0/8 list=RFC1918
add address=bpnet.duckdns.org list="VPN sources"
/ip firewall filter
add action=passthrough chain=forward comment=\
"special dummy rule to show fasttrack counters"
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="Accept OOB Access" in-interface=\
br_local
add action=accept chain=input comment="General - Established Input"
add action=accept chain=input comment="Allow Wireguard VPN" disabled=yes \
src-address=192.168.80.0/24
add action=accept chain=input comment="Allow Wireguard VPN" disabled=yes \
dst-port=13231 protocol=udp
add action=accept chain=input comment="VPN - Accept incoming IKE" disabled=\
yes dst-port=500,4500 in-interface=br_WAN_LTE log-prefix=IKE protocol=udp \
src-address-list="VPN sources"
add action=accept chain=input disabled=yes in-interface=br_WAN_LTE protocol=\
ipsec-esp src-address-list="VPN sources"
add action=accept chain=forward comment=\
"OPENVPN forward to Raspberry Pi static adress" disabled=yes dst-address=\
192.168.60.33 dst-port=1194 protocol=udp
add action=accept chain=input comment="HomeAssistant Integration" \
dst-address=192.168.60.254 dst-port=8728 in-interface=br_lan protocol=tcp
add action=accept chain=input comment="FW - Accept ICMP to FW" in-interface=\
!br_WAN_ISP protocol=icmp src-address-list=RFC1918
add action=accept chain=input comment="FW - Accept ICMP to FW" in-interface=\
!br_WAN_LTE protocol=icmp src-address-list=RFC1918
add action=accept chain=input comment="FW - DNS to FW" dst-port=53 \
in-interface=!br_WAN_ISP protocol=udp
add action=accept chain=input comment="FW - DNS to FW" dst-port=53 \
in-interface=!br_WAN_LTE protocol=udp
add action=accept chain=input comment="FW - Accept incoming from LAN" \
dst-address=192.168.60.254 in-interface=br_lan src-address=\
192.168.60.0/24
add action=accept chain=input comment=\
"FW - accept incoming Veemarkt over ISP" disabled=yes dst-address=\
192.168.60.254 in-interface=br_WAN_ISP src-address=192.168.205.0/24
add action=accept chain=input comment=\
"FW - Accept incoming Veemarkt over LTE" disabled=yes dst-address=\
192.168.60.254 in-interface=br_WAN_LTE src-address=192.168.205.0/24
add action=accept chain=input comment=\
"FW - Accept incoming from PBNET over ISP" disabled=yes dst-address=\
192.168.60.254 in-interface=br_WAN_ISP src-address=192.168.1.0/24
add action=accept chain=input comment=\
"FW - Accept incoming from PBNET over LTE" disabled=yes dst-address=\
192.168.60.254 in-interface=br_WAN_LTE src-address=192.168.1.0/24
add action=drop chain=input comment="FW - Drop Input UDP - silent" dst-port=\
123,137,138 protocol=udp
add action=drop chain=input comment="FW - Drop Incoming WAN over ISP" \
in-interface=br_WAN_ISP
add action=drop chain=input comment="FW - Drop incoming WAN over LTE" \
in-interface=br_WAN_LTE
add action=drop chain=input comment="FW - Drop all IN"
add action=drop chain=input comment="General - Broadcast silent drop" \
dst-address=255.255.255.255
add action=drop chain=input comment="General - Drop Invalid Input"
add action=accept chain=forward comment="Allow Wireguard to LAN" disabled=yes \
in-interface=*16 out-interface="vl_LAN on br_LAN"
add action=accept chain=forward comment="VPN: accept incoming IPSEC" \
disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="VPN: accept outgoing IPSEC" \
disabled=yes ipsec-policy=out,ipsec
add action=accept chain=forward comment="LAN - Allow Internet over ISP" \
dst-address-list=!RFC1918 in-interface=br_lan out-interface=br_WAN_ISP \
src-address=192.168.60.0/24
add action=accept chain=forward comment="LAN - Allow Internet over LTE" \
dst-address-list=!RFC1918 in-interface=br_lan out-interface=br_WAN_LTE \
src-address=192.168.60.0/24
add action=accept chain=forward comment="GUEST - Allow Internet over ISP" \
dst-address-list=!RFC1918 in-interface=br_guest out-interface=br_WAN_ISP \
src-address=192.168.70.0/24
add action=accept chain=forward comment="GUEST - Allow Internet over LTE" \
dst-address-list=!RFC1918 in-interface=all-wireless out-interface=\
br_guest src-address=192.168.70.0/24
add action=accept chain=forward comment=Statefull connection-state=\
established
add action=accept chain=output comment="Outgoing DNS over ISP" dst-port=53 \
out-interface=br_WAN_ISP protocol=udp
add action=accept chain=output comment="Outgoing DNS over LTE" dst-port=53 \
out-interface=br_WAN_LTE protocol=udp
add action=accept chain=forward comment="VPN IN from PBNET" disabled=yes \
dst-address=192.168.60.0/24 src-address=192.168.1.0/24
add action=accept chain=forward comment="VPN IN from Veemarkt" disabled=yes \
dst-address=192.168.60.0/24 src-address=192.168.205.0/24
add action=accept chain=forward comment="VPN - LAN out to PBNET" disabled=yes \
dst-address=192.168.1.0/24 src-address=192.168.60.0/24
add action=accept chain=forward comment="VPN - LAN out to Veemarkt" disabled=\
yes dst-address=192.168.205.0/24 src-address=192.168.60.0/24
add action=accept chain=forward comment=\
"General - Accept established forward"
add action=drop chain=forward comment="General - Drop invalid forward"
add action=accept chain=forward comment="LAN - ping not ISP" in-interface=\
br_lan out-interface=!br_WAN_ISP protocol=icmp src-address=\
192.168.60.0/24
add action=accept chain=forward comment="LAN - ping not LTE" in-interface=\
br_lan out-interface=!br_WAN_LTE protocol=icmp src-address=\
192.168.60.0/24
add action=accept chain=forward comment="LAN - Allow internet over ISP" \
disabled=yes dst-address-list=!RFC1918 in-interface=br_lan out-interface=\
br_WAN_ISP src-address=192.168.60.0/24
add action=accept chain=forward comment="LAN - Allow internet over LTE" \
disabled=yes dst-address-list=!RFC1918 in-interface=br_lan out-interface=\
br_WAN_LTE src-address=192.168.60.0/24
add action=accept chain=forward comment="GUEST - Allow internet over ISP" \
disabled=yes dst-address-list=!RFC1918 in-interface=br_guest \
out-interface=br_WAN_ISP src-address=192.168.70.0/24
add action=accept chain=forward comment="GUEST - Allow internet over LTE" \
disabled=yes dst-address-list=!RFC1918 in-interface=br_guest \
out-interface=br_WAN_LTE src-address=192.168.70.0/24
add action=drop chain=forward comment="DROP ALL - Silent Drop" dst-port=\
123,137,138 protocol=udp
add action=drop chain=forward comment="DROP ALL"
/ip firewall mangle
add action=clear-df chain=postrouting disabled=yes out-interface=br_WAN_ISP \
passthrough=yes
add action=clear-df chain=postrouting disabled=yes out-interface=br_WAN_LTE \
passthrough=yes
/ip firewall nat
add action=accept chain=srcnat comment="IPsec No-NAT" ipsec-policy=out,ipsec
add action=src-nat chain=srcnat comment="NAT OpenVPN server" disabled=yes \
dst-address=192.168.60.33 dst-port=1194 protocol=udp to-addresses=\
192.168.60.254
add action=dst-nat chain=dstnat comment="NAT OpenVPN server" disabled=yes \
dst-port=1194 protocol=udp to-addresses=192.168.60.33 to-ports=1104
add action=masquerade chain=srcnat disabled=yes log=yes out-interface=\
br_WAN_ISP
add action=masquerade chain=srcnat out-interface=br_WAN_LTE
add action=masquerade chain=srcnat comment="Masquerade out LAN to WAN" \
disabled=yes out-interface-list=WAN src-address=192.168.60.0/24
add action=masquerade chain=srcnat comment="Masquerade out guest to WAN" \
out-interface-list=WAN src-address=192.168.70.0/24
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip ipsec identity
add auth-method=digital-signature certificate=cert01-vpn-cussangy \
generate-policy=port-strict match-by=certificate peer=bpnet \
remote-certificate=cert02-vpn-bpnet.crt_0
/ip ipsec policy
set 0 disabled=yes
add dst-address=192.168.1.0/24 peer=bpnet proposal=proposal1 src-address=\
192.168.60.0/24 tunnel=yes
/ip route
add comment="Route to PBNET over ISP" disabled=yes distance=1 dst-address=\
192.168.1.0/24 gateway=br_WAN_ISP pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
add comment="Route to PBNET over LTE" disabled=no distance=2 dst-address=\
192.168.1.0/24 gateway=br_WAN_LTE pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
add comment="Route to Veemarkt over ISP" disabled=yes distance=1 dst-address=\
192.168.205.0/24 gateway=br_WAN_ISP pref-src="" routing-table=main scope=\
30 suppress-hw-offload=no target-scope=10
add comment="Route to Veemarkt over LTE" disabled=no distance=2 dst-address=\
192.168.205.0/24 gateway=br_WAN_LTE pref-src="" routing-table=main scope=\
30 suppress-hw-offload=no target-scope=10
add comment="To WAN over br_WAN_ISP" disabled=yes distance=1 dst-address=\
0.0.0.0/0 gateway=br_WAN_ISP pref-src="" routing-table=main scope=30 \
suppress-hw-offload=no target-scope=10
add comment="To WAN over br_WAN_LTE" disabled=no distance=2 dst-address=\
0.0.0.0/0 gateway=br_WAN_LTE pref-src="" routing-table=main \
suppress-hw-offload=no
add comment="Recursive routing: check route over WAN_ISP" disabled=yes \
distance=1 dst-address=8.8.8.8/32 gateway=br_WAN_ISP pref-src="" \
routing-table=main scope=10 suppress-hw-offload=no target-scope=10
add comment="Recursive routing: check route over WAN_LTE" disabled=yes \
distance=1 dst-address=1.1.1.1/32 gateway=br_WAN_LTE pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Recursive routing over WAN_ISP" disabled=yes \
distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src="" \
routing-table=main scope=30 suppress-hw-offload=no target-scope=10
add check-gateway=ping comment="Recursive routing over WAN_LTE" disabled=yes \
distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" \
routing-table=main scope=10 suppress-hw-offload=no target-scope=10
/system clock
set time-zone-name=Europe/Brussels
/system identity
set name=RouterCussangy
/system logging
add topics=wireless,debug
/system note
set show-at-login=no
/system scheduler
add comment="schedule duckdns cussangylte" interval=1d name=cussangylte \
on-event="DuckDNS CussangyLTE" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2023-11-17 start-time=00:00:00
add comment="schedule duckdns cussangyisp" interval=1d name=cussangyisp \
on-event="DuckDNS CussangyISP" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=2023-11-17 start-time=00:00:00
/system script
add dont-require-permissions=no name="DUCKDNS Update CussangyLTE" owner=admin \
policy=read,write,policy,test,password,sniff,sensitive,romon source="# Get\
\_the actual public IP from the br_WAN_LTE interface\
\n:global actualIP value=[/ip address get [find where interface=br_WAN_LTE\
] value-name=address];\
\n\
\n# Remove the subnet from the result, so only the IP is left\
\n:global actualIP value=[:pick \$actualIP -1 [:find \$actualIP \"/\" -1] \
];\
\n\
\n# If there is no ipstore.txt file yet, create it\
\n:if ([:len [/file find where name=ipstore.txt]] < 1 ) do={\
\n /file print file=ipstore.txt where name=ipstore.txt;\
\n /delay delay-time=2;\
\n /file set ipstore.txt contents=\"0.0.0.0\";\
\n};\
\n\
\n# Get the previousIP from the ipstore.txt file\
\n:global previousIP value=[/file get [find where name=ipstore.txt ] value\
-name=contents];\
\n\
\n# Compare previousIP with actualIP\
\n# If not the same, update duckdns.org with the new actualIP\
\n# Update ipstore.txt with the new actualIP\
\n:if (\$previousIP != \$actualIP) do={\
\n :log info message=(\"DuckDNS: try to Update DuckDNS with actual IP \"\
.\$actualIP.\" - Previous IP is \".\$previousIP);\
\n \
\n /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt ad\
dress=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=(\
\"/update\?domains=*&token=*\
ip=\".\$actualIP);\
\n \
\n /delay delay-time=5;\
\n \
\n :global lastChange value=[/file get [find where name=duckdns-result.t\
xt ] value-name=contents];\
\n :global previousIP value=\$actualIP;\
\n /file set ipstore.txt contents=\$actualIP;\
\n \
\n :if (\$lastChange = \"OK\") do={:log warning message=(\"DuckDNS: upda\
te successfull with IP \".\$actualIP);};\
\n :if (\$lastChange = \"KO\") do={:log error message=(\"DuckDNS: failed\
\_to update DuckDNS with new IP \".\$actualIP);};\
\n} else={\
\n :log info message=(\"DuckDNS: no update required. Actual IP: \".\$act\
ualIP);\
\n}"
add dont-require-permissions=no name="DUCKDNS Update CussangyISP" owner=admin \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source="# Get the actual public IP from the bridge_PUB interface\
\n:global actualIP value=[/ip address get [find where interface=br_WAN_ISP\
] value-name=address];\
\n\
\n# Remove the subnet from the result, so only the IP is left\
\n:global actualIP value=[:pick \$actualIP -1 [:find \$actualIP \"/\" -1] \
];\
\n\
\n# If there is no ipstoreISP.txt file yet, create it\
\n:if ([:len [/file find where name=ipstoreISP.txt]] < 1 ) do={\
\n /file print file=ipstoreISP.txt where name=ipstoreISP.txt;\
\n /delay delay-time=2;\
\n /file set ipstoreISP.txt contents=\"0.0.0.0\";\
\n};\
\n\
\n# Get the previousIP from the ipstore.txt file\
\n:global previousIP value=[/file get [find where name=ipstoreISP.txt ] va\
lue-name=contents];\
\n\
\n# Compare previousIP with actualIP\
\n# If not the same, update duckdns.org with the new actualIP\
\n# Update ipstoreISP.txt with the new actualIP\
\n:if (\$previousIP != \$actualIP) do={\
\n :log info message=(\"DuckDNS: try to Update DuckDNS with actual IP \"\
.\$actualIP.\" - Previous IP is \".\$previousIP);\
\n \
\n /tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt ad\
dress=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=(\
\"/update\?domains=*&token=*\
ip=\".\$actualIP);\
\n \
\n /delay delay-time=5;\
\n \
\n :global lastChange value=[/file get [find where name=duckdns-result.t\
xt ] value-name=contents];\
\n :global previousIP value=\$actualIP;\
\n /file set ipstoreISP.txt contents=\$actualIP;\
\n \
\n :if (\$lastChange = \"OK\") do={:log warning message=(\"DuckDNS: upda\
te successfull with IP \".\$actualIP);};\
\n :if (\$lastChange = \"KO\") do={:log error message=(\"DuckDNS: failed\
\_to update DuckDNS with new IP \".\$actualIP);};\
\n} else={\
\n :log info message=(\"DuckDNS: no update required. Actual IP: \".\$act\
ualIP);\
\n}"