I am still new to Mikrotik and getting acclimated to Winbox and properly configuring the CRS125.
Looking for verification/opinions/recommendations on my configuration script. I have adapted it from the default config, the wiki and a couple of personal preferences.
Background:
Location: Home router
ISP Connection: 50/25 FIOS
RouterOS Version: 6.8rc1 (latest download)
Special Requirements: UPnP-supporting media devices (primarily DirecTV), Xbox Live. I would love to drop UPnP, but I have the Wife Approval Factor against me — things just need to work.
/interface ethernet
# Uplink ports. ether1 is the copper WAN; sfp1 is the alternative (fibre) WAN.
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=sfp1 ] name=sfp1-gateway
# LAN switch group: ether2 is the master port and every other copper port is a
# hardware-switched slave of it, so the whole LAN is addressed through
# ether2-master-local (IP, DHCP server, firewall in-interface).
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
set [ find default-name=ether5 ] master-port=ether2-master-local name=ether5-slave-local
set [ find default-name=ether6 ] master-port=ether2-master-local name=ether6-slave-local
set [ find default-name=ether7 ] master-port=ether2-master-local name=ether7-slave-local
set [ find default-name=ether8 ] master-port=ether2-master-local name=ether8-slave-local
set [ find default-name=ether9 ] master-port=ether2-master-local name=ether9-slave-local
set [ find default-name=ether10 ] master-port=ether2-master-local name=ether10-slave-local
set [ find default-name=ether11 ] master-port=ether2-master-local name=ether11-slave-local
set [ find default-name=ether12 ] master-port=ether2-master-local name=ether12-slave-local
set [ find default-name=ether13 ] master-port=ether2-master-local name=ether13-slave-local
set [ find default-name=ether14 ] master-port=ether2-master-local name=ether14-slave-local
set [ find default-name=ether15 ] master-port=ether2-master-local name=ether15-slave-local
set [ find default-name=ether16 ] master-port=ether2-master-local name=ether16-slave-local
set [ find default-name=ether17 ] master-port=ether2-master-local name=ether17-slave-local
set [ find default-name=ether18 ] master-port=ether2-master-local name=ether18-slave-local
set [ find default-name=ether19 ] master-port=ether2-master-local name=ether19-slave-local
set [ find default-name=ether20 ] master-port=ether2-master-local name=ether20-slave-local
set [ find default-name=ether21 ] master-port=ether2-master-local name=ether21-slave-local
set [ find default-name=ether22 ] master-port=ether2-master-local name=ether22-slave-local
set [ find default-name=ether23 ] master-port=ether2-master-local name=ether23-slave-local
set [ find default-name=ether24 ] master-port=ether2-master-local name=ether24-slave-local
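/ip neighbor discovery
# Neighbor discovery (MNDP/CDP/LLDP) announces the device identity, RouterOS
# version and addresses to anything on the segment. The original config only
# turned it off on sfp1-gateway; ether1-gateway is the active WAN (it carries the
# DHCP client, the masquerade out-interface and the UPnP external side), so it
# must not announce either. Discovery stays on for the LAN master port only.
set ether1-gateway discover=no
set sfp1-gateway discover=no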
/ip pool
# Dynamic lease range; the router itself is 192.168.1.1 (see /ip address).
add name=dhcp ranges=192.168.1.100-192.168.1.199
/ip dhcp-server
# Serves the LAN switch group. A 10 minute lease is short for a home LAN and
# means frequent renewals; it is harmless but can be raised once devices settle.
add address-pool=dhcp disabled=no interface=ether2-master-local lease-time=10m name=default
/port
set 0 name=serial0
/ip address
# Router LAN address on the switch-group master port.
add address=192.168.1.1/24 comment="default configuration" interface=ether2-master-local network=192.168.1.0
/ip dhcp-client
# Both uplink ports run a DHCP client; presumably only one is cabled at a time.
# NOTE(review): if both obtain a lease, each will install its own default route -- confirm.
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=ether1-gateway
add comment="default configuration" dhcp-options=hostname,clientid disabled=no interface=sfp1-gateway
/ip dns
# Needed so LAN clients can use the router as their resolver. This alone does not
# decide who may query it: the input chain must accept dst-port 53 from the LAN
# interface only, otherwise the router is an open resolver on the WAN side.
set allow-remote-requests=yes
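/ip firewall address-list
# "support": sources granted full access to the router's input chain. Keep this
# to the LAN subnet; the input chain should additionally bind it to the LAN
# interface so a spoofed 192.168.1.x source arriving on the WAN does not match.
add address=192.168.1.0/24 disabled=no list=support
# "bogons": reserved/unroutable destinations. Referenced by the forward-chain
# rule "Drop to bogon list" (dst-address-list=bogons), i.e. it filters where LAN
# traffic may go, not where traffic comes from.
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" disabled=no list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918]" disabled=no list=bogons
# Loopback is the whole 127.0.0.0/8 (RFC 3330). The original /16 left
# 127.1.0.0-127.255.255.255 unfiltered.
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" disabled=no list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" disabled=no list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918]" disabled=no list=bogons
# Deliberately disabled: the LAN (192.168.1.0/24) is inside this range and the
# bogon rule matches forward destinations, so enabling it would drop all
# WAN->LAN (UPnP dst-nat) and LAN->LAN forwarded traffic.
add address=192.168.0.0/16 comment="Private[RFC 1918]" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" disabled=no list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" disabled=no list=bogons
add address=198.18.0.0/15 comment="NIDB Testing" disabled=no list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" disabled=no list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" disabled=no list=bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA" disabled=no list=bogons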
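/ip firewall filter
# ---------------------------------------------------------------------------
# input chain: packets addressed to the router itself.
# Rule order matters within a chain. Changes from the original:
#  * established/related accepted first, invalid dropped, so the detection
#    rules below only ever see new flows;
#  * the syn-flood and port-scan detectors are limited to non-LAN ingress --
#    in the original a LAN host (a media box probing ports, a busy Winbox
#    session) could land in Port_Scanner and be dropped for a week, because the
#    drop rules sit above the "support" accept;
#  * DNS is accepted only from the LAN interface and only on dst-port 53
#    (port=53 matched either port on any interface, making the router an open
#    resolver with allow-remote-requests=yes);
#  * the "support" accept is bound to the LAN interface so the source address
#    cannot be spoofed from the WAN;
#  * the final drop is enabled but scoped to in-interface=!LAN, so it closes
#    Winbox/SSH/WWW/API to the Internet without risking lock-out from the LAN.
# ---------------------------------------------------------------------------
add action=accept chain=input comment="Accept to established connections" connection-state=established disabled=no
add action=accept chain=input comment="Accept to related connections" connection-state=related disabled=no
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid disabled=no
# connection-limit=30,32: more than 30 concurrent TCP connections from one /32.
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 disabled=no in-interface=!ether2-master-local protocol=tcp tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" disabled=no src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" disabled=no in-interface=!ether2-master-local protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" disabled=no src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" disabled=no jump-target=ICMP protocol=icmp
# Left disabled as in the original; the interface-scoped final drop below
# already covers Winbox from the WAN.
add action=drop chain=input comment="Block all access to the winbox - except to support list" disabled=yes dst-port=8291 protocol=tcp src-address-list=!support
add action=accept chain=input comment="Accept DNS - UDP" disabled=no dst-port=53 in-interface=ether2-master-local protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" disabled=no dst-port=53 in-interface=ether2-master-local protocol=tcp
add action=accept chain=input comment="Full access to SUPPORT address list" disabled=no in-interface=ether2-master-local src-address-list=support
add action=drop chain=input comment="Drop anything else not from LAN" disabled=no in-interface=!ether2-master-local
# ---------------------------------------------------------------------------
# ICMP chain: shared by the input/forward/output jumps. Echo requests are
# rate-limited; only the ICMP types needed for working connectivity (PMTUD,
# unreachable, TTL exceeded) pass, everything else is dropped.
# ---------------------------------------------------------------------------
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood" disabled=no icmp-options=8:0 limit=1,5 protocol=icmp
add action=accept chain=ICMP comment="Echo reply" disabled=no icmp-options=0:0 protocol=icmp
add action=accept chain=ICMP comment="Time Exceeded" disabled=no icmp-options=11:0 protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" disabled=no icmp-options=3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD disabled=no icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" disabled=no protocol=icmp
# ---------------------------------------------------------------------------
# forward chain: traffic routed through the router (LAN <-> WAN).
# The original had accept rules but no terminating drop, so every forwarded
# packet was accepted anyway and the accepts were effectively dead. A final
# drop for new connections arriving on non-LAN interfaces is added; UPnP
# dst-nat'd flows are still admitted by the dst-address=192.168.1.0/24 accept
# that precedes it.
# ---------------------------------------------------------------------------
add action=jump chain=forward comment="Jump for icmp forward flow" disabled=no jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" disabled=no dst-address-list=bogons
add action=drop chain=forward comment="Drop invalid forward" connection-state=invalid disabled=no
add action=add-src-to-address-list address-list=spammers address-list-timeout=3h chain=forward comment="Add Spammers to the list for 3 hours" connection-limit=30,32 disabled=no dst-port=25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" disabled=no dst-port=25,587 protocol=tcp src-address-list=spammers
add action=accept chain=forward comment="Allow LAN access to router and Internet" connection-state=new in-interface=ether2-master-local
add action=accept chain=forward comment="Forward to established connections" connection-state=established
add action=accept chain=forward comment="Allow UPnP dynamic NAT rules" dst-address=192.168.1.0/24
add action=accept chain=forward comment="Forward to related connections" connection-state=related
add action=drop chain=forward comment="Drop new connections not from LAN" connection-state=new disabled=no in-interface=!ether2-master-local
# ---------------------------------------------------------------------------
# output chain: the router's own ICMP goes through the same ICMP policy.
# ---------------------------------------------------------------------------
add action=jump chain=output comment="Jump for icmp output" disabled=no jump-target=ICMP protocol=icmp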
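/ip firewall nat
# Source NAT for LAN clients. Both ether1-gateway and sfp1-gateway run a DHCP
# client (see /ip dhcp-client), but the original only masqueraded ether1; had
# the SFP link become the active uplink, LAN traffic would have left with
# private source addresses. A matching rule for sfp1-gateway is added; it is
# inert while that port has no address.
add action=masquerade chain=srcnat comment="Local Network NAT Masquerade Rule" out-interface=ether1-gateway
add action=masquerade chain=srcnat comment="Local Network NAT Masquerade Rule (SFP uplink)" out-interface=sfp1-gateway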
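/ip upnp
# UPnP IGD lets any LAN device open inbound dst-nat mappings on the external
# interface without authentication. It is kept because the media devices and
# Xbox Live need it, but allow-disable-external-interface is set to no so a LAN
# client cannot use UPnP to administratively disable the WAN port (the default
# permits this).
set allow-disable-external-interface=no enabled=yes
/ip upnp interfaces
# external = the WAN port mappings are created on; internal = the LAN side that
# is allowed to request them.
add interface=ether1-gateway type=external
add interface=ether2-master-local type=internal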
/lcd interface
# CRS125 front-panel LCD: one entry per port so link/traffic can be shown.
# Pure display configuration; no effect on forwarding or security.
set ether1-gateway interface=ether1-gateway
set ether2-master-local interface=ether2-master-local
set ether3-slave-local interface=ether3-slave-local
set ether4-slave-local interface=ether4-slave-local
set ether5-slave-local interface=ether5-slave-local
set ether6-slave-local interface=ether6-slave-local
set ether7-slave-local interface=ether7-slave-local
set ether8-slave-local interface=ether8-slave-local
set ether9-slave-local interface=ether9-slave-local
set ether10-slave-local interface=ether10-slave-local
set ether11-slave-local interface=ether11-slave-local
set ether12-slave-local interface=ether12-slave-local
set ether13-slave-local interface=ether13-slave-local
set ether14-slave-local interface=ether14-slave-local
set ether15-slave-local interface=ether15-slave-local
set ether16-slave-local interface=ether16-slave-local
set ether17-slave-local interface=ether17-slave-local
set ether18-slave-local interface=ether18-slave-local
set ether19-slave-local interface=ether19-slave-local
set ether20-slave-local interface=ether20-slave-local
set ether21-slave-local interface=ether21-slave-local
set ether22-slave-local interface=ether22-slave-local
set ether23-slave-local interface=ether23-slave-local
set ether24-slave-local interface=ether24-slave-local
set sfp1-gateway interface=sfp1-gateway
/lcd interface pages
# Two LCD pages of twelve ports each: uplink plus ether2-12 on page 0,
# ether13-24 on page 1. sfp1-gateway is not shown on either page.
set 0 interfaces="ether1-gateway,ether2-master-local,ether3-slave-local,ether4-slave-local,ether5-slave-local,ether6-slave-local,ether7-slave-local,ether8-slave-local,ether9-slave-local,ether10-slave-local,ether11-slave-local,ether12-slave-local"
set 1 interfaces="ether13-slave-local,ether14-slave-local,ether15-slave-local,ether16-slave-local,ether17-slave-local,ether18-slave-local,ether19-slave-local,ether20-slave-local,ether21-slave-local,ether22-slave-local,ether23-slave-local,ether24-slave-local"
/system identity
# Device name shown in Winbox and the CLI prompt, and announced by neighbor
# discovery on every interface where discover is still enabled.
set name=mikrotik
/system ntp client
# Unicast client against two fixed public NTP server addresses. Correct time
# matters for the timed address-list entries (Syn_Flooder, Port_Scanner,
# spammers) and for log timestamps.
set enabled=yes mode=unicast primary-ntp=204.74.68.55 secondary-ntp=64.125.79.30