I am new to mikrotik. After i applied the filter rule internet connect not stable. Filter get it from here http://tksja.com/essential-firewall-rules/.
# may/29/2021 18:27:22 by RouterOS 6.47.4
# software id = RI21-KVP2
#
# model = CCR1009-7G-1C-1S+
# serial number = CD640C2B57E2
/interface ethernet
set [ find default-name=ether1 ] name=ether1-UNIFI1
set [ find default-name=ether2 ] name=ether2-UNIFI2
set [ find default-name=ether3 ] name=ether3-UNIFI3
set [ find default-name=ether4 ] name=ether4-UNIFI4
set [ find default-name=ether5 ] name=ether5-UNIFI5
set [ find default-name=ether6 ] name=ether6-UNIFI6
set [ find default-name=ether7 ] name=ether7-GUEST
/interface vlan
add interface=ether1-UNIFI1 name=vlan500-Unifi1 vlan-id=500
add interface=ether2-UNIFI2 name=vlan500-Unifi2 vlan-id=500
add interface=ether3-UNIFI3 name=vlan500-Unifi3 vlan-id=500
add interface=ether4-UNIFI4 name=vlan500-Unifi4 vlan-id=500
add interface=ether5-UNIFI5 name=vlan500-Unifi5 vlan-id=500
add interface=ether6-UNIFI6 name=vlan500-Unifi6 vlan-id=500
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan500-Unifi1 max-mtu=1480 \
name=unifi1 use-peer-dns=yes user=star2021@unifibiz
add add-default-route=yes disabled=no interface=vlan500-Unifi2 max-mtu=1480 \
name=unifi2 use-peer-dns=yes user=star2022@unifibiz
add add-default-route=yes disabled=no interface=vlan500-Unifi3 max-mtu=1480 \
name=unifi3 use-peer-dns=yes user=star2023@unifibiz
add add-default-route=yes disabled=no interface=vlan500-Unifi4 max-mtu=1480 \
name=unifi4 use-peer-dns=yes user=star2024@unifibiz
add add-default-route=yes disabled=no interface=vlan500-Unifi5 max-mtu=1480 \
name=unifi5 use-peer-dns=yes user=star2025@unifibiz
add add-default-route=yes disabled=no interface=vlan500-Unifi6 max-mtu=1480 \
name=unifi6 use-peer-dns=yes user=star2026@unifibiz
/interface list
add name=LB-List
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=GUEST ranges=172.16.3.1-172.16.31.254
/ip dhcp-server
add address-pool=GUEST disabled=no interface=sfp-sfpplus1 lease-time=1d name=\
dhcp1
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
/ip neighbor discovery-settings
set discover-interface-list=!dynamic
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=sfp-sfpplus1 list=LB-List
/ip address
add address=172.16.1.1/19 interface=sfp-sfpplus1 network=172.16.0.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-server lease
add address=172.16.31.41 client-id=1:84:d8:1b:3f:7a:dd mac-address=\
84:D8:1B:3F:7A:DD server=dhcp1
add address=172.16.31.235 mac-address=5A:6F:0C:EC:B1:08 server=dhcp1
add address=172.16.25.138 client-id=1:50:76:af:73:4f:b5 mac-address=\
50:76:AF:73:4F:B5 server=dhcp1
add address=172.16.22.56 client-id=1:f8:59:71:8d:f5:90 mac-address=\
F8:59:71:8D:F5:90 server=dhcp1
/ip dhcp-server network
add address=172.16.0.0/19 dns-server=8.8.8.8,8.8.4.4 gateway=172.16.1.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
d this subnet before enable it" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment=\
"MC, Class D, IANA # Check if you need this subnet before enable it" \
list=Bogons
/ip firewall filter
add action=accept chain=forward comment="defconf: accept established,related" \
connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface=ether1-UNIFI1
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
Bogons
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=ether1-UNIFI1
/ip firewall mangle
add action=accept chain=prerouting in-interface=unifi1
add action=accept chain=prerouting in-interface=unifi2
add action=accept chain=prerouting in-interface=unifi3
add action=accept chain=prerouting in-interface=unifi4
add action=accept chain=prerouting in-interface=unifi5
add action=accept chain=prerouting in-interface=unifi6
add action=mark-connection chain=prerouting dst-address-type="" \
in-interface-list=LB-List new-connection-mark=wan1_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/0
add action=mark-connection chain=prerouting dst-address-type="" \
in-interface-list=LB-List new-connection-mark=wan2_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/1
add action=mark-connection chain=prerouting dst-address-type="" \
in-interface-list=LB-List new-connection-mark=wan3_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/2
add action=mark-connection chain=prerouting dst-address-type="" \
in-interface-list=LB-List new-connection-mark=wan4_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/3
add action=mark-connection chain=prerouting dst-address-type="" \
in-interface-list=LB-List new-connection-mark=wan5_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/4
add action=mark-connection chain=prerouting dst-address-type="" \
in-interface-list=LB-List new-connection-mark=wan6_conn passthrough=yes \
per-connection-classifier=both-addresses-and-ports:6/5
add action=mark-routing chain=prerouting connection-mark=wan1_conn \
in-interface-list=LB-List new-routing-mark=to_wan1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan2_conn \
in-interface-list=LB-List new-routing-mark=to_wan2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan3_conn \
in-interface-list=LB-List new-routing-mark=to_wan3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan4_conn \
in-interface-list=LB-List new-routing-mark=to_wan4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan5_conn \
in-interface-list=LB-List new-routing-mark=to_wan5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=wan6_conn \
in-interface-list=LB-List new-routing-mark=to_wan6 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat
/ip route
add check-gateway=ping distance=1 gateway=unifi1 routing-mark=to_wan1
add check-gateway=ping distance=1 gateway=unifi2 routing-mark=to_wan2
add check-gateway=ping distance=1 gateway=unifi3 routing-mark=to_wan3
add check-gateway=ping distance=1 gateway=unifi4 routing-mark=to_wan4
add check-gateway=ping distance=1 gateway=unifi5 routing-mark=to_wan5
add check-gateway=ping distance=1 gateway=unifi6 routing-mark=to_wan6
/ip service
set ftp disabled=yes
set www port=58080
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Kuala_Lumpur