Here's my config, which I have tried to censor
# apr/26/2017 10:08:01 by RouterOS 6.38.5
# software id = 6LWI-KQ5T
#
/interface bridge
add mtu=1500 name=Public-Br protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] mtu=1512
set [ find default-name=ether5 ] mtu=1504
/interface eoip
add clamp-tcp-mss=no !keepalive mac-address=02:D4:7B:0B:07:DB mtu=1500 name=Public-Tunnel-2 remote-address=10.10.15.36 tunnel-id=209
/interface vlan
add interface=ether5 name=VLAN-11-<client> vlan-id=11
add interface=ether5 name=VLAN-13-<client> vlan-id=13
add interface=ether5 name=VLAN-15-<client> vlan-id=15
add interface=ether5 name=VLAN-20-<client> vlan-id=20
add interface=ether5 name=VLAN-21-<client> vlan-id=21
add interface=ether5 name=VLAN-22-<client> vlan-id=22
add interface=ether5 name=VLAN-30-<client> vlan-id=30
add interface=ether5 name=VLAN-31-<client> vlan-id=31
add interface=ether5 name=VLAN-32-<client> vlan-id=310
add interface=ether5 name=VLAN-35-<client> vlan-id=35
add interface=ether5 name=VLAN-36-<client> vlan-id=36
add interface=ether5 name=VLAN-105-<client> vlan-id=105
add interface=ether5 name=VLAN-308-<client> vlan-id=308
add interface=ether5 name=VLAN-309-<client> vlan-id=309
add interface=ether5 name=VLAN-311-<client> vlan-id=311
add interface=ether5 name=VLAN-401-<client> vlan-id=401
add interface=ether5 name=VLAN-402-<client> vlan-id=402
add interface=ether5 name=VLAN-404-<client> vlan-id=404
add interface=ether5 name=VLAN-405-<client> vlan-id=405
add interface=ether5 name=VLAN-406-<client> vlan-id=406
add interface=ether5 name=VLAN-411-<client> vlan-id=411
add interface=ether5 name=VLAN-413-<client> vlan-id=413
add interface=ether5 name=VLAN-501-<client> vlan-id=501
add interface=ether5 name=VLAN-508-<client> vlan-id=508
add interface=ether5 name=VLAN-510-<client> vlan-id=510
add interface=ether5 name=VLAN-511-<client> vlan-id=511
add interface=ether5 name=VLAN-515-<client> vlan-id=515
add interface=ether5 name=VLAN-516-<client> vlan-id=516
add interface=ether5 name=VLAN-520-<client> vlan-id=520
add interface=ether5 name=VLAN-535-<client> vlan-id=535
add interface=ether5 name=VLAN-545-<client> vlan-id=545
add interface=ether5 name=VLAN-620-<client> vlan-id=620
add interface=ether5 name=VLAN-935 vlan-id=935
add interface=ether5 name=VLAN-1000-<client> vlan-id=1000
add interface=ether5 name=VLAN-1001-<client> vlan-id=1001
add interface=ether2 name=vlan2-voice vlan-id=2
add interface=ether5 name=vlan10 vlan-id=10
add interface=ether5 name=vlan254 vlan-id=254
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip dhcp-server option
add code=150 name=tftp value=0x0a010b0b
add code=150 name=tftp-<client> value=0x0A0A1E6E
add code=150 name=tftp-<client> value=0x0A00000E
add code=150 name=tftp-test value=0x3F4F0E9A
add code=150 name=tftp-<client> value=0x0A0A1E73
add code=150 name=tftp-<client> value=0x0A0A1E66
add code=150 name=tftp-<client> value=0x0A0A1E82
add code=150 name=tftp-<client> value=0x0A0A1E67
add code=150 name=tftp-PUB value=0x3F4F0E9E
add code=150 name=tftp-<client> value=0x0A0A1E4B
add code=160 name=snom value=0x0A0A1E6E
add code=67 name=110 value="'10.10.30.110'"
add code=128 name=tftp-minet value=0x0A0A1E6B
add code=129 name=option1 value=0x3F4F0E9A
add code=150 name=tftp-cisco-workforce value=0x0A0A1E79
add code=66 name=wec-server value="'10.10.30.118'"
add code=150 name=<client> value=0x0A0A1ECC
add code=150 name=tftp-bp value=0x0A0A1E75
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot login-by=mac,cookie,http-chap,mac-cookie
add hotspot-address=10.4.101.1 html-directory=flash/hotspot name=hsprof1
/ip hotspot user profile
set [ find default=yes ] shared-users=100
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=dhcp_pool4 ranges=10.140.2.25-10.140.2.225
add name=dhcp_pool5 ranges=10.140.4.25-10.140.4.225
add name=dhcp_pool6 ranges=10.140.6.25-10.140.6.225
add name=dhcp_pool7 ranges=10.4.10.15-10.4.10.240
add name=dhcp_pool8 ranges=10.4.209.25-10.4.209.225
add name=dhcp_pool9 ranges=10.140.5.25-10.140.5.225
add name=dhcp_pool10 ranges=10.4.11.25-10.4.11.225
add name=dhcp_pool11 ranges=10.4.13.2-10.4.13.254
add name=dhcp_pool12 ranges=10.4.69.2-10.4.69.254
add name=dhcp_pool13 ranges=10.4.15.22-10.4.15.222
add name=dhcp_pool14 ranges=10.4.154.2-10.4.154.254
add name=dhcp_pool16 ranges=10.4.21.22-10.4.21.222
add name=dhcp_pool17 ranges=10.4.22.22-10.4.22.222
add name=dhcp_pool18 ranges=10.4.35.22-10.4.35.222
add name=dhcp_pool19 ranges=10.4.31.22-10.4.31.222
add name=dhcp_pool20 ranges=10.4.51.22-10.4.51.222
add name=dhcp_pool21 ranges=10.4.52.22-10.4.52.222
add name=dhcp_pool22 ranges=10.4.53.22-10.4.53.222
add name=dhcp_pool23 ranges=10.4.54.22-10.4.54.222
add name=dhcp_pool24 ranges=10.4.52.22-10.4.52.222
add name=dhcp_pool25 ranges=10.4.54.2-10.4.54.254
add name=dhcp_pool26 ranges=10.4.61.25-10.4.61.225
add name=dhcp_pool27 ranges=10.4.36.22-10.4.36.222
add name=dhcp_pool28 ranges=10.4.55.65-10.4.55.225
add name=dhcp_pool29 ranges=10.4.38.25-10.4.38.225
add name=dhcp_pool30 ranges=10.4.39.25-10.4.39.225
add name=dhcp_pool31 ranges=10.4.57.25-10.4.57.225
add name=dhcp_pool32 ranges=10.4.105.25-10.4.105.225
add name=dhcp_pool33 ranges=10.4.32.200-10.4.32.225
add name=dhcp_pool34 ranges=10.4.56.25-10.4.56.225
add name=dhcp_pool35 ranges=10.4.93.25-10.4.93.225
add name=dhcp_pool36 ranges=10.4.101.25-10.4.101.225
add name=dhcp_pool37 ranges=10.4.100.25-10.4.100.225
add name=dhcp_pool15 ranges=192.168.209.120-192.168.209.180
add name=dhcp_pool2 ranges=10.4.20.25-10.4.20.225
add name=dhcp_pool1 ranges=10.0.1.2-10.0.1.254
add name=dhcp_pool3 ranges=10.4.62.25-10.4.62.225
add name=pool1 ranges=10.140.1.25
/ip dhcp-server
add address-pool=dhcp_pool4 disabled=no interface=VLAN-402-<client> lease-time=3d name=dhcp4
add address-pool=dhcp_pool5 disabled=no interface=VLAN-404-<client> lease-time=3d name=dhcp5
add address-pool=dhcp_pool6 disabled=no interface=VLAN-406-<client> lease-time=3d name=dhcp6
add address-pool=dhcp_pool8 disabled=no interface=VLAN-411-<client> lease-time=3d name=dhcp8
add address-pool=dhcp_pool9 disabled=no interface=VLAN-405-<client>lease-time=3d name=dhcp9
add address-pool=dhcp_pool11 disabled=no interface=VLAN-13-<client> lease-time=3d name=dhcp11
add address-pool=dhcp_pool13 disabled=no interface=VLAN-15-<client> lease-time=3d name=dhcp13
add address-pool=dhcp_pool14 disabled=no interface=VLAN-413-<client> lease-time=3d name=dhcp12
add address-pool=dhcp_pool16 disabled=no interface=VLAN-21-<client> lease-time=3d name=dhcp14
add address-pool=dhcp_pool17 disabled=no interface=VLAN-22-<client> lease-time=3d name=dhcp15
add address-pool=dhcp_pool18 disabled=no interface=VLAN-35-<client> lease-time=3d name=dhcp16
add address-pool=dhcp_pool19 disabled=no interface=VLAN-31-<client> lease-time=3d name=dhcp17
add address-pool=dhcp_pool20 disabled=no interface=VLAN-501-<client> lease-time=3d name=dhcp18
add address-pool=dhcp_pool22 disabled=no interface=VLAN-510-<client> lease-time=3d name=dhcp20
add address-pool=dhcp_pool24 disabled=no interface=VLAN-508-<client> lease-time=3d name=dhcp19
add address-pool=dhcp_pool25 disabled=no interface=VLAN-520-<client> lease-time=3d name=dhcp21
add address-pool=dhcp_pool26 disabled=no interface=VLAN-311-<client> lease-time=3d name=dhcp22
add address-pool=dhcp_pool27 disabled=no interface=VLAN-36-<client> lease-time=3d name=dhcp23
add address-pool=dhcp_pool29 disabled=no interface=VLAN-308-<client> lease-time=3d name=dhcp25
add address-pool=dhcp_pool30 disabled=no interface=VLAN-309-<client> lease-time=3d name=dhcp26
add address-pool=dhcp_pool31 disabled=no interface=VLAN-545-<client> lease-time=3d name=dhcp27
add address-pool=dhcp_pool32 disabled=no interface=VLAN-105-<client> lease-time=3d name=dhcp28
add address-pool=dhcp_pool33 disabled=no interface=VLAN-32-<client> lease-time=3d name=dhcp29
add address-pool=dhcp_pool35 disabled=no interface=VLAN-935 lease-time=3d name=dhcp31
add address-pool=dhcp_pool37 disabled=no interface=VLAN-1000-<client> lease-time=3d name=dhcp32
add address-pool=dhcp_pool36 disabled=no interface=VLAN-1001-<client> lease-time=1h name=dhcp33
add address-pool=pool1 disabled=no interface=VLAN-401-<client> lease-time=3d name=dhcp3
add address-pool=dhcp_pool34 disabled=no interface=VLAN-516-<client> lease-time=3d name=dhcp30
add address-pool=dhcp_pool28 disabled=no interface=VLAN-515-<client> lease-time=3d name=dhcp24
add address-pool=dhcp_pool15 disabled=no interface=VLAN-30-<client> lease-time=3d name=dhcp1
add address-pool=dhcp_pool10 disabled=no interface=VLAN-11-<client> lease-time=3d name=dhcp10
add address-pool=dhcp_pool2 disabled=no interface=VLAN-20-<client> lease-time=3d name=dhcp2
add address-pool=dhcp_pool1 disabled=no interface=vlan2-voice name=dhcp7
add address-pool=dhcp_pool3 disabled=no interface=VLAN-620-<client> lease-time=1h name=dhcp34
/routing ospf instance
set [ find default=yes ] redistribute-connected=as-type-2 redistribute-static=as-type-2 router-id=10.10.15.33
/snmp community
add addresses=0.0.0.0/0 name=kansashosting
/dude
set data-directory=disk1/dude enabled=yes
/interface bridge port
add bridge=Public-Br interface=Public-Tunnel-2
add bridge=Public-Br interface=VLAN-535-<client>-Public
/ip address
add address=10.10.15.33/29 interface=ether1 network=10.10.15.32
add address=10.10.15.1/29 interface=ether4 network=10.10.15.0
add address=10.0.0.1/24 disabled=yes interface=ether2 network=10.0.0.0
add address=10.4.254.1/24 interface=vlan254 network=10.4.254.0
add address=192.168.209.1/24 comment="added by setup" interface=VLAN-30-<client>network=192.168.209.0
add address=192.168.55.1/24 interface=VLAN-515-<client>network=192.168.55.0
add address=10.4.56.1/24 interface=VLAN-516-<client>network=10.4.56.0
add address=10.4.55.1/24 interface=VLAN-515-<client>network=10.4.55.0
add address=10.4.10.1/24 interface=vlan10 network=10.4.10.0
add address=10.4.11.1/24 interface=VLAN-11-<client>-voice network=10.4.11.0
add address=10.4.20.1/24 interface=VLAN-20-Data network=10.4.20.0
add address=10.140.1.1/24 interface=VLAN-401-<client>network=10.140.1.0
add address=10.140.4.1/24 interface=VLAN-404-<client>network=10.140.4.0
add address=10.140.6.1/24 interface=VLAN-406-<client>network=10.140.6.0
add address=10.4.209.1/24 interface=VLAN-411-<client>-VOICE network=10.4.209.0
add address=10.140.5.1/24 interface=VLAN-405-<client>network=10.140.5.0
add address=10.4.13.1/24 interface=VLAN-13-<client>network=10.4.13.0
add address=10.4.15.1/24 interface=VLAN-15-<client>network=10.4.15.0
add address=10.4.154.1/24 interface=VLAN-413-<client>-TEST network=10.4.154.0
add address=10.4.21.1/24 interface=VLAN-21-<client>network=10.4.21.0
add address=10.4.22.1/24 interface=VLAN-22-<client>network=10.4.22.0
add address=10.4.35.1/24 interface=VLAN-35-<client>-Ste-506 network=10.4.35.0
add address=10.4.31.1/24 interface=VLAN-31-<client>network=10.4.31.0
add address=10.4.51.1/24 interface=VLAN-501-<client>-Data network=10.4.51.0
add address=10.4.53.1/24 interface=VLAN-510-<client>-Data network=10.4.53.0
add address=10.4.52.1/24 interface=VLAN-508-<client>-Data network=10.4.52.0
add address=10.4.54.1/24 interface=VLAN-520-<client>network=10.4.54.0
add address=10.4.32.1/24 interface=VLAN-32-<client>-Data network=10.4.32.0
add address=10.4.61.1/24 interface=VLAN-311-<client>network=10.4.61.0
add address=10.4.36.1/24 interface=VLAN-36-<client>-310C network=10.4.36.0
add address=10.4.38.1/24 interface=VLAN-308-<client>network=10.4.38.0
add address=10.4.39.1/24 interface=VLAN-309-<client>-Voice network=10.4.39.0
add address=10.4.57.1/24 interface=VLAN-545-<client> network=10.4.57.0
add address=192.168.20.1/24 interface=VLAN-401-<client>network=192.168.20.0
add address=10.4.105.1/24 interface=VLAN-105-<client>network=10.4.105.0
add address=10.4.93.1/24 interface=VLAN-935 network=10.4.93.0
add address=10.4.101.1/24 interface=VLAN-1001-<client>-Guest network=10.4.101.0
add address=10.4.100.1/24 interface=VLAN-1000-<client>network=10.4.100.0
add address=192.168.100.1/24 interface=VLAN-30-<client>network=192.168.100.0
add address=10.0.0.1/24 disabled=yes interface=ether2 network=10.0.0.0
add address=10.0.1.1/24 interface=vlan2-voice network=10.0.1.0
add address=192.168.1.1/24 interface=VLAN-30-<client>network=192.168.1.0
add address=10.4.62.1/24 interface=VLAN-620-<client>network=10.4.62.0
add address=10.4.209.4/24 interface=VLAN-411-<client>-VOICE network=10.4.209.0
/ip dhcp-server lease
add address=10.4.100.29 client-id=1:c0:56:e3:3:5f:93 mac-address=C0:56:E3:03:5F:93 server=dhcp32
add address=10.4.55.40 client-id=1:0:25:36:26:c8:22 mac-address=00:25:36:26:C8:22 server=dhcp24
add address=192.168.209.156 client-id=1:0:26:73:78:31:d7 mac-address=00:26:73:78:31:D7 server=dhcp1
add address=10.4.100.40 client-id=1:0:8e:f2:f8:b8:34 mac-address=00:8E:F2:F8:B8:34 server=dhcp32
add address=10.4.100.61 client-id=1:9c:b6:54:40:32:f3 mac-address=9C:B6:54:40:32:F3 server=dhcp32
/ip dhcp-server network
add address=10.0.1.0/24 gateway=10.0.1.1
add address=10.4.10.0/24 dhcp-option=110,wec-server gateway=10.4.10.1 ntp-server=10.10.30.110
add address=10.4.11.0/24 dhcp-option=tftp-<client>gateway=10.4.11.1 ntp-server=10.10.30.110
add address=10.4.13.0/24 dhcp-option=tftp-<client>gateway=10.4.13.1 ntp-server=206.212.242.132
add address=10.4.15.0/24 dhcp-option=tftp-<client>gateway=10.4.15.1 ntp-server=206.212.242.132
add address=10.4.20.0/24 gateway=10.4.20.1 ntp-server=206.212.242.132
add address=10.4.21.0/24 gateway=10.4.21.1 ntp-server=206.212.242.132
add address=10.4.22.0/24 dns-server=208.67.222.222,208.67.220.220 gateway=10.4.22.1 ntp-server=206.212.242.132
add address=10.4.31.0/24 dhcp-option=tftp-wdc,110 gateway=10.4.31.1 ntp-server=206.212.242.132
add address=10.4.32.0/24 gateway=10.4.32.1
add address=10.4.35.0/24 gateway=10.4.35.1 ntp-server=206.212.242.132
add address=10.4.36.0/24 gateway=10.4.36.1 ntp-server=206.212.242.132
add address=10.4.38.0/24 gateway=10.4.38.1
add address=10.4.39.0/24 dhcp-option=tftp-cisco-workforce gateway=10.4.39.1
add address=10.4.51.0/24 gateway=10.4.51.1 ntp-server=206.212.242.132
add address=10.4.52.0/24 dhcp-option=tftp-wdc gateway=10.4.52.1 ntp-server=206.212.242.132
add address=10.4.53.0/24 gateway=10.4.53.1 ntp-server=206.212.242.132
add address=10.4.54.0/24 dhcp-option=tftp-wdc gateway=10.4.54.1 ntp-server=206.212.242.132
add address=10.4.55.0/24 gateway=10.4.55.1
add address=10.4.56.0/24 gateway=10.4.56.1
add address=10.4.57.0/24 gateway=10.4.57.1
add address=10.4.61.0/24 gateway=10.4.61.1 ntp-server=206.212.242.132
add address=10.4.62.0/24 gateway=10.4.62.1
add address=10.4.93.0/24 gateway=10.4.93.1
add address=10.4.100.0/24 dhcp-option=tftp-<client>gateway=10.4.100.1
add address=10.4.101.0/24 comment="hotspot network" gateway=10.4.101.1
add address=10.4.105.0/24 gateway=10.4.105.1
add address=10.4.154.0/24 dhcp-option=tftp-winning gateway=10.4.154.1
add address=10.4.209.0/24 dhcp-option=tftp-wdc,110 gateway=10.4.209.1 ntp-server=63.76.125.66
add address=10.140.1.0/24 gateway=10.140.1.1
add address=10.140.2.0/24 gateway=10.140.2.1
add address=10.140.4.0/24 dhcp-option=<client>gateway=10.140.4.1
add address=10.140.5.0/24 gateway=10.140.5.1
add address=10.140.6.0/24 gateway=10.140.6.1
add address=192.168.209.0/24 dhcp-option=tftp-wdc gateway=192.168.209.1 ntp-server=10.10.30.109
/ip dns
set allow-remote-requests=yes max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add chain=forward src-address=192.168.20.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.2.22.28
add chain=forward comment="<client>TEMP GOD RULE" dst-address=0.0.0.0/0 src-address=10.2.22.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.4.100.0/24
add chain=forward dst-address=0.0.0.0/0 src-address=192.168.209.0/24
add chain=forward src-address=10.1.23.100
add chain=forward dst-address=10.1.23.100
add chain=forward comment="Fire Panel" dst-address=10.10.30.0/24 src-address=10.4.20.31
add chain=forward comment="Allow Established Traffic" connection-state=established
add chain=forward comment="Allow related traffic" connection-state=related
add chain=forward comment="Allow Winbox" dst-port=8291 protocol=tcp
add chain=forward comment="Allow DNS" dst-port=53 protocol=udp src-address=0.0.0.0/0
add chain=input comment="Accept DHCP" dst-port=67-68 protocol=udp
add chain=forward src-address=192.168.209.0/24
add chain=input src-address=192.168.209.0/24
add chain=forward comment="Allow <client>" src-address=10.140.4.0/24
add chain=forward comment="Allow VOIP and Building Services" dst-address=0.0.0.0/0 src-address=10.4.0.0/16
add chain=forward comment="ICMP Echo Reply" icmp-options=0 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Echo Request" icmp-options=8 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Time Exceeded" icmp-options=11 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward disabled=yes dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward comment="ICMP Source quench" icmp-options=4 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward comment="Log Invalid" connection-state=invalid disabled=yes log-prefix=invalid
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid log-prefix=invalid
add action=drop chain=forward dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward src-address=192.168.20.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.2.22.28
add chain=forward dst-address=10.10.30.0/24 src-address=10.4.100.0/24
add chain=forward dst-address=0.0.0.0/0 src-address=192.168.209.0/24
add chain=forward src-address=10.1.23.100
add chain=forward dst-address=10.1.23.100
add chain=forward comment="Fire Panel" dst-address=10.10.30.0/24 src-address=10.4.20.31
add chain=forward comment="Allow Established Traffic" connection-state=established
add chain=forward comment="Allow related traffic" connection-state=related
add chain=forward comment="Allow Winbox" dst-port=8291 protocol=tcp
add chain=forward comment="Allow DNS" dst-port=53 protocol=udp src-address=0.0.0.0/0
add chain=input comment="Accept DHCP" dst-port=67-68 protocol=udp
add chain=forward src-address=192.168.209.0/24
add chain=input src-address=192.168.209.0/24
add chain=forward comment="Allow <client>" src-address=10.140.4.0/24
add chain=forward comment="Allow VOIP and Building Services" dst-address=0.0.0.0/0 src-address=10.4.0.0/16
add chain=forward comment="ICMP Echo Reply" icmp-options=0 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Echo Request" icmp-options=8 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Time Exceeded" icmp-options=11 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward disabled=yes dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward comment="ICMP Source quench" icmp-options=4 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward comment="Log Invalid" connection-state=invalid disabled=yes log-prefix=invalid
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid log-prefix=invalid
add action=drop chain=forward dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add chain=forward src-address=192.168.20.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.2.22.28
add chain=forward comment="<client>TEMP GOD RULE" dst-address=0.0.0.0/0 src-address=10.2.22.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.4.100.0/24
add chain=forward dst-address=0.0.0.0/0 src-address=192.168.209.0/24
add chain=forward src-address=10.1.23.100
add chain=forward dst-address=10.1.23.100
add chain=forward comment="Fire Panel" dst-address=10.10.30.0/24 src-address=10.4.20.31
add chain=forward comment="Allow Established Traffic" connection-state=established
add chain=forward comment="Allow related traffic" connection-state=related
add chain=forward comment="Allow Winbox" dst-port=8291 protocol=tcp
add chain=forward comment="Allow DNS" dst-port=53 protocol=udp src-address=0.0.0.0/0
add chain=input comment="Accept DHCP" dst-port=67-68 protocol=udp
add chain=forward src-address=192.168.209.0/24
add chain=input src-address=192.168.209.0/24
add chain=forward comment="Allow <client>" src-address=10.140.4.0/24
add chain=forward comment="Allow VOIP and Building Services" dst-address=0.0.0.0/0 src-address=10.4.0.0/16
add chain=forward comment="ICMP Echo Reply" icmp-options=0 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Echo Request" icmp-options=8 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Time Exceeded" icmp-options=11 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward disabled=yes dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward comment="ICMP Source quench" icmp-options=4 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward comment="Log Invalid" connection-state=invalid disabled=yes log-prefix=invalid
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid log-prefix=invalid
add action=drop chain=forward dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward src-address=192.168.20.0/24
add chain=forward dst-address=10.10.30.0/24 src-address=10.2.22.28
add chain=forward dst-address=10.10.30.0/24 src-address=10.4.100.0/24
add chain=forward dst-address=0.0.0.0/0 src-address=192.168.209.0/24
add chain=forward src-address=10.1.23.100
add chain=forward dst-address=10.1.23.100
add chain=forward comment="Fire Panel" dst-address=10.10.30.0/24 src-address=10.4.20.31
add chain=forward comment="Allow Established Traffic" connection-state=established
add chain=forward comment="Allow related traffic" connection-state=related
add chain=forward comment="Allow Winbox" dst-port=8291 protocol=tcp
add chain=forward comment="Allow DNS" dst-port=53 protocol=udp src-address=0.0.0.0/0
add chain=input comment="Accept DHCP" dst-port=67-68 protocol=udp
add chain=forward src-address=192.168.209.0/24
add chain=input src-address=192.168.209.0/24
add chain=forward comment="Allow <client>" src-address=10.140.4.0/24
add chain=forward comment="Allow VOIP and Building Services" dst-address=0.0.0.0/0 src-address=10.4.0.0/16
add chain=forward comment="ICMP Echo Reply" icmp-options=0 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Echo Request" icmp-options=8 protocol=icmp src-address=0.0.0.0/0
add chain=forward comment="ICMP Time Exceeded" icmp-options=11 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward disabled=yes dst-address=10.0.0.0/8 src-address=10.140.0.0/16
add chain=forward comment="ICMP Source quench" icmp-options=4 protocol=icmp src-address=0.0.0.0/0
add action=log chain=forward comment="Log Invalid" connection-state=invalid disabled=yes log-prefix=invalid
add action=drop chain=forward comment="Drop Invalid" connection-state=invalid log-prefix=invalid
add action=drop chain=forward dst-address=10.0.0.0/8 src-address=10.140.0.0/16
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
/ip firewall service-port
set sip disabled=yes ports=5060,5061,8000
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
/ip proxy
set cache-path=web-proxy1 max-cache-size=none parent-proxy=0.0.0.0
/ip route
add distance=1 gateway=10.10.15.36
add distance=1 gateway=10.10.15.36
/ip service
set telnet address=0.0.0.0/0
set ftp address=0.0.0.0/0
set www address=0.0.0.0/0
set ssh address=0.0.0.0/0
set www-ssl address=0.0.0.0/0
set api address=0.0.0.0/0 disabled=yes
set winbox address=0.0.0.0/0
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ppp profile
set *FFFFFFFE remote-address=*2C
/routing filter
add chain=ospf-out prefix=0.0.0.0/0
add chain=ospf-out prefix=0.0.0.0/0
/routing ospf interface
add interface=ether1 network-type=point-to-point
/routing ospf network
add area=backbone network=10.0.0.0/8
add area=backbone network=192.168.0.0/16
/snmp
set contact=WDC enabled=yes location="<location>" trap-target=0.0.0.0
/system clock
set time-zone-autodetect=no time-zone-name=America/Chicago
/system identity
set name=<name>
/system ntp client
set enabled=yes primary-ntp=23.99.222.162 secondary-ntp=199.102.46.77
/system routerboard settings
# Warning: memory not running at default frequency
set memory-frequency=1200DDR
The memory not running at default frequency struck me as odd, though the options given are " /system routerboard settings> set memory-frequency=
800DDR 1066DDR 1200DDR" and trying any of these settings results in the same "not running at default frequency" error.