Hello Mikrotikians -
I have seen several times in the forums that some people suggest turning off default forward, but no one has explained why. Can you help explain?
for wireless it means that wireless clients, when connected to the AP, will not be able to connect to each other, only to the internet.
default-forwarding=off → wireless clients cannot communicate with each other
default-forwarding=on → they can.
perfect. And default authenticate? Simple explanation? and will it provide any relief on my overstressed prism cards to have it off?
default-authenticate=off will allow to connect only those clients who are in the access list
default-authenticate controls wether everyone (i.e. every wireless client) can connect to your AP interface, or only the ones you are allowing via the access-list feature.
If default-authenticate is on, everyone can connect. If it’s off, only MAC addresses listed in access-list may connect.
So this probably doesn’t make much sense if you are running a public hotspot on this interface. It could create some little extra security when used on wireless interfaces with only known communication partners (like point-to-point links). But be aware of the fact that this is not really “security” you gain - it’s quite easy to bypass this, if one wants to. It’s just another small hurdle to kepp the occasional guy out.
Best regards,
Christian Meis
OK, I give up for today, Normunds 
Have to do some real work anyhow 
…
Or I will stick with shorter posts, too.
Best regards,
Christian Meis
well done fellas. Thank you.