I am working on a network with 2 wans; 3 lans on different bridges with different subnets from different dhcp server each:
I’m a newbie on the Mikrotik world 
I’m trying to learn. No, I do not want to change the current configuration, this is a learning exercise. so I need to know how to fix this. But I am opened to discussions about improving such an arrangement and create new learning exercises.
WAN1_lan1 → | MK | → bridge1_lan3 → AP1 → clients
WAN2_lan2 → | | → bridge2_lan4 → AP2 → clients
| | → bridge3_lan5 → AP3 → clients
WAN routes- get selected based on scripts
lan(1-5) → fizical ports
AP- acces point
considering the following:(below script) how can I access machines from one lan to another?
the weird part is that all clients can access 192.168.3.1; 192.168.4.1; 192.168.5.1
/interface bridge
add name=bridge1-LAN3
add name=bridge2-LAN4
add name=bridge3-LAN5
/interface ethernet
set [ find default-name=ether1 ] mac-address=XXX name=ether1-WAN1
set [ find default-name=ether2 ] name=ether2-WAN2
set [ find default-name=ether3 ] name=ether3-LAN3
set [ find default-name=ether4 ] name=ether4-LAN4
set [ find default-name=ether5 ] name=ether5-LAN5
/interface list
add name=WAN
add name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.3.50-192.168.3.254
add name=dhcp_pool1 ranges=192.168.4.50-192.168.4.254
add name=dhcp_pool2 ranges=192.168.5.50-192.168.5.254
/ip dhcp-server
add address-pool=dhcp_pool0 interface=bridge1-LAN3 lease-time=1d name=dhcp1
add address-pool=dhcp_pool1 interface=bridge2-LAN4 lease-time=1d name=dhcp2
add address-pool=dhcp_pool2 interface=bridge3-LAN5 lease-time=1d name=dhcp3
/port
set 0 name=serial0
/routing bgp template
set default disabled=no output.network=bgp-networks
/routing ospf instance
add disabled=no name=default-v2
/routing ospf area
add disabled=yes instance=default-v2 name=backbone-v2
/routing table
add fib name=to_wan1
add fib name=to_wan2
add disabled=no fib name=LAN_to_LAN
/interface bridge nat
add action=accept chain=srcnat
/interface bridge port
add bridge=bridge1-LAN3 ingress-filtering=no interface=ether3-LAN3 trusted=yes
add bridge=bridge2-LAN4 ingress-filtering=no interface=ether4-LAN4 trusted=yes
add bridge=bridge3-LAN5 ingress-filtering=no interface=ether5-LAN5
/ip neighbor discovery-settings
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
add interface=ether1-WAN1 list=WAN
add interface=bridge1-LAN3 list=LAN
add interface=bridge2-LAN4 list=LAN
add interface=bridge3-LAN5 list=LAN
add interface=ether2-WAN2 list=WAN
/interface ovpn-server server
set auth=sha1,md5
/ip address
add address=192.168.3.1/24 interface=ether3-LAN3 network=192.168.3.0
add address=192.168.4.1/24 interface=ether4-LAN4 network=192.168.4.0
add address=192.168.5.1/24 interface=ether5-LAN5 network=192.168.5.0
/ip dhcp-client
add add-default-route=no interface=ether1-WAN1 script="{\r\
\n :local rmark \"to_wan1\"\r\
\n :local count [/ip route print count-only where comment=\"to_wan1\"]\r\
\n :if (\$bound=1) do={\r\
\n :if (\$count = 0) do={\r\
\n /ip route add distance=1 gateway=\$\"gateway-address\" check-gateway=ping routing-mark=to_wan1 comment=\"to_wan1\"\r\
\n /ip route add distance=1 gateway=\$\"gateway-address\" check-gateway=ping comment=\"to_wan1\"\r\
\n } else={\r\
\n :if (\$count = 1) do={\r\
\n :local test [/ip route find where comment=\"to_wan1\"]\r\
\n :if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
\n /ip route set \$test gateway=\$\"gateway-address\"\r\
\n }\r\
\n } else={\r\
\n :error \"Multiple routes found\"\r\
\n }\r\
\n }\r\
\n } else={\r\
\n /ip route remove [find comment=\"to_wan1\"]\r\
\n }\r\
\n}"
add add-default-route=no interface=ether2-WAN2 script="{\r\
\n :local rmark \"to_wan2\"\r\
\n :local count [/ip route print count-only where comment=\"to_wan2\"]\r\
\n :if (\$bound=1) do={\r\
\n :if (\$count = 0) do={\r\
\n /ip route add distance=1 gateway=\$\"gateway-address\" check-gateway=ping routing-mark=to_wan2 comment=\"to_wan2\"\r\
\n /ip route add distance=2 gateway=\$\"gateway-address\" check-gateway=ping comment=\"to_wan2\"\r\
\n\t} else={\r\
\n :if (\$count = 1) do={\r\
\n :local test [/ip route find where comment=\"to_wan2\"]\r\
\n :if ([/ip route get \$test gateway] != \$\"gateway-address\") do={\r\
\n /ip route set \$test gateway=\$\"gateway-address\"\r\
\n }\r\
\n } else={\r\
\n :error \"Multiple routes found\"\r\
\n }\r\
\n }\r\
\n } else={\r\
\n /ip route remove [find comment=\"to_wan2\"]\r\
\n }\r\
\n}"
/ip dhcp-server network
add address=192.168.3.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.3.1 netmask=16
add address=192.168.4.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.4.1 netmask=16
add address=192.168.5.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.5.1 netmask=16
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=accept chain=forward protocol=icmp
add action=drop chain=forward comment="Drop TRACEROUTE" icmp-options=11:0 protocol=icmp
add action=drop chain=forward icmp-options=3:3 protocol=icmp
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Mark Source ip port scanner to Address list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="Drop port scanners" src-address-list="port scanners"
add action=add-src-to-address-list address-list=port-knocking-first address-list-timeout=none-dynamic chain=input comment="Port Knocking Use Icmp + Packet Size" packet-size=100 protocol=icmp
add action=add-src-to-address-list address-list=port-knocking-second address-list-timeout=none-dynamic chain=input packet-size=200 protocol=icmp src-address-list=port-knocking-first
add action=accept chain=input dst-port=21,22,23 protocol=tcp src-address-list=port-knocking-second
add action=drop chain=input dst-port=21,22,23 protocol=tcp src-address-list=!port-knocking-second
add action=drop chain=input comment="dropping port scanners" src-address-list="port scanners"
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners_list address-list-timeout=4w2d chain=input comment="Port scanners to list " protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port_scanners_list address-list-timeout=4w2d chain=input comment="NMAP FIN Stealth scan" protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners_list address-list-timeout=4w2d chain=input comment="SYN/FIN scan" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners_list address-list-timeout=4w2d chain=input comment="SYN/RST scan" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners_list address-list-timeout=4w2d chain=input comment="FIN/PSH/URG scan" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners_list address-list-timeout=4w2d chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners_list address-list-timeout=4w2d chain=input comment="NMAP NULL scan" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" src-address-list=port_scanners_list
/ip firewall mangle
add action=accept chain=prerouting in-interface=ether1-WAN1
add action=accept chain=prerouting in-interface=ether2-WAN2
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address=192.168.3.0/24
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address=192.168.4.0/24
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/0 src-address=192.168.5.0/24
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address=192.168.3.0/24
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address=192.168.4.0/24
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:2/1 src-address=192.168.5.0/24
add action=mark-routing chain=prerouting connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes src-address=192.168.3.0/24
add action=mark-routing chain=prerouting connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes src-address=192.168.4.0/24
add action=mark-routing chain=prerouting connection-mark=wan1_conn new-routing-mark=to_wan1 passthrough=yes src-address=192.168.5.0/24
add action=mark-routing chain=prerouting connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes src-address=192.168.3.0/24
add action=mark-routing chain=prerouting connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes src-address=192.168.4.0/24
add action=mark-routing chain=prerouting connection-mark=wan2_conn new-routing-mark=to_wan2 passthrough=yes src-address=192.168.5.0/24
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1-WAN1 src-address=192.168.3.0/24
add action=masquerade chain=srcnat out-interface=ether1-WAN1 src-address=192.168.4.0/24
add action=masquerade chain=srcnat out-interface=ether1-WAN1 src-address=192.168.5.0/24
add action=masquerade chain=srcnat out-interface=ether2-WAN2 src-address=192.168.3.0/24
add action=masquerade chain=srcnat out-interface=ether2-WAN2 src-address=192.168.4.0/24
add action=masquerade chain=srcnat out-interface=ether2-WAN2 src-address=192.168.5.0/24
/ip route
add check-gateway=ping comment=to_wan1 disabled=no dst-address=0.0.0.0/0 gateway=94.52.234.129 routing-table=to_wan1
add check-gateway=ping comment=to_wan1 disabled=no dst-address=0.0.0.0/0 gateway=94.52.234.129
add check-gateway=ping comment=to_wan2 disabled=no dst-address=0.0.0.0/0 gateway=78.97.172.1 routing-table=to_wan2
add check-gateway=ping comment=to_wan2 disabled=no distance=2 dst-address=0.0.0.0/0 gateway=78.97.172.1
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh port=223
set www-ssl disabled=no
set api disabled=yes
set api-ssl disabled=yes
/ip traffic-flow
set interfaces=LAN
/ip traffic-flow ipfix
set nat-events=yes
/routing rule
add action=lookup disabled=no dst-address=192.168.3.49 interface=bridge1-LAN3 src-address=192.168.3.0/24 table=LAN_to_LAN
add action=lookup disabled=no dst-address=192.168.4.49 interface=bridge2-LAN4 src-address=192.168.4.0/24 table=LAN_to_LAN