Good, happy it is more or less working.
So the links/routes are sometimes “flapping”?
Every thirty seconds looks suspiciously linked to the running of the netwatch script.
Try changing the interval to a higher value or - maybe better - try inserting in the netwatch script a small delay like another 10-20s
delay 20s
before the enable or disable command.
(I don’t think that if you stay offline for a couple minutes when doing the failover to LTE or getting back to main DSL it will be an issue, and in any case you can always later fine tune it ).
There are more sophisticated versions of netwatch settings that may end up being more reliable, the plain one as you have it will trigger the up/down at the first failed ping, and sometimes it can happen that a ping fails.
Additionally, to make the failover and back faster (as perceived by the final user) there might be the need of removing connections, like
http://forum.mikrotik.com/t/delete-all-connection-in-firewall-connections/94436/1
The real tests however are not connecting and disconnecting the cable from ether1 (which is - I believe - what you are doing) but rather:
- disconnect the DSL line connector from the ISP router (this simulates an ISP issue on the line, the router is on but cannot reach internet)
- power off (physically remove plugs from mains) for all three devices and then reinsert them at the same time, it would be easier/better to test if you use one of those multi-plug extensions with an on/off switch (to simulate what happens when a blackout happens)
as these two cases are the most common ones.
About the firewall, the default (defconf) settings are generally considered good enough, though they can be bettered/made more secure.
There is no difference (in defconf firewall) between DSL and LTE (or between ether1 and ether2) as the rules are made for the lists, WAN and LAN.
About the bridge vs. router I don’t know what could be the reason, it could also be due to some setting in the ISP router.
Not that I actually know what I am saying but if you set it up as router it is faster, why not set it up that way?
Purists will start telling you that you have double NAT and that you will increase latency, but as I see it if it works, it works.
And actually it would be much easier if your ISP assigned IP is not really-really static (right now if the ISP changes the assigned IP the route in “DSL” won’t work).
If this is the case you will need a script in DHCP client like:
http://forum.mikrotik.com/t/auto-gateway-change-scripts-that-work-in-ros-v7/158650/1
You still have to configure your wifi more properly (right now you have an error on wifi3 whose cause I cannot understand, as the settings seem “right” to me).
There is a nice tutorial by tangent on how to setup wifi and Guest Wifi without using VLAN’s (simpler) here:
https://tangentsoft.com/mikrotik/wiki?name=Isolated%20Guest%20WiFi%20Sans%20VLANs
And there is also (of course only if you are game for it) the experiment of modifying the failover method getting rid of the mangle rule and the additional routing table.
You - probably without knowing - entered a very deep rabbit hole …
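One way to put the settle-delay and re-check idea from the post above into a netwatch setup, together with the connection flush the linked thread describes, as an added example that is not the original poster's or the thread's own configuration. The DSL gateway address, the probe host and the route comments "DSL-default" / "LTE-default" are assumed placeholders; adjust them to the real config.

```routeros
# Added example, not the post author's config. Assumed values:
# DSL gateway 192.168.1.1 (the ISP router), default routes tagged with the
# comments "DSL-default" and "LTE-default", probe host 1.1.1.1.

# Pin the probe host to the DSL path so netwatch tests DSL, not "any WAN".
/ip route add dst-address=1.1.1.1/32 gateway=192.168.1.1 comment="probe-via-DSL"
# If the DSL gateway vanishes (cable pulled or ISP router off), blackhole the
# probe instead of letting it leak out via LTE; otherwise netwatch would see
# "up" over LTE, re-enable DSL, and the routes would flap every interval.
/ip route add dst-address=1.1.1.1/32 type=blackhole distance=10 comment="probe-blackhole"

# Failover script: wait, re-check, and only then switch the routes.
/system script add name=dsl-down source={
  :delay 20s
  :local ok [/ping address=1.1.1.1 count=5 interval=1s]
  :if ($ok = 0) do={
    /ip route disable [find comment="DSL-default"]
    /ip route enable  [find comment="LTE-default"]
    # Drop existing connections so clients re-establish them over LTE at once.
    /ip firewall connection remove [find]
    /log warning "DSL down: switched to LTE"
  }
}

# Fail-back script: same settle delay, require a stable DSL before returning.
/system script add name=dsl-up source={
  :delay 20s
  :local ok [/ping address=1.1.1.1 count=5 interval=1s]
  :if ($ok >= 4) do={
    /ip route enable  [find comment="DSL-default"]
    /ip route disable [find comment="LTE-default"]
    /ip firewall connection remove [find]
    /log info "DSL back: switched from LTE"
  }
}

# Netwatch only calls the scripts; the 30s interval stays, the delay lives
# in the scripts, so a single lost ping no longer flips the routes.
/tool netwatch add host=1.1.1.1 interval=30s timeout=2s \
  down-script="/system script run dsl-down" \
  up-script="/system script run dsl-up"
```

Watch the log for the two messages while running the unplug-the-DSL-line and full-blackout tests described in the post; if the routes still flip back and forth, the probe is most likely escaping via LTE and the blackhole route is not taking effect.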