Here is my config with some bits and pieces removed but are not important or are sensitive information:
# oct/16/2018 15:57:27 by RouterOS 6.43.2
# software id = REMOVED
#
# model = RouterBOARD 3011UiAS
# serial number = REMOVED
/interface bridge
add admin-mac=REMOVED auto-mac=no comment=defconf name=bridge
add fast-forward=no mtu=1500 name=internal-bridge
/interface ethernet
set [ find default-name=ether1 ] mac-address=REMOVED
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface vlan
add interface=internal-bridge name=vlan1 vlan-id=REMOVED
add interface=internal-bridge name=vlan2 vlan-id=REMOVED
add interface=internal-bridge name=vlan3 vlan-id=REMOVED
add interface=internal-bridge name=vlan5 vlan-id=REMOVED
add interface=internal-bridge name=vlan6 vlan-id=REMOVED
add interface=internal-bridge name=vlan4 vlan-id=REMOVED
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add name="Public Network"
add name="Admin Networks"
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip firewall layer7-protocol
add name=activedirectory regexp="\\x06\\x5Fmsdcs\\x06itsoft\\x02by"
/ip ipsec peer profile
add dh-group=modp1024 lifetime=1h name=profile_1
add dh-group=modp1024 dpd-interval=disable-dpd enc-algorithm=aes-256 name=\
profile_2 nat-traversal=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des
/ip pool
add name=vlan6-2 ranges=172.31.1.2-172.31.1.254
add name=VPN ranges=192.168.0.32/29
add name=vlan1-dynamic-2-old ranges=192.168.1.2-192.168.1.254
add name=vlan1-dynamic-old next-pool=vlan1-dynamic-2-old ranges=\
192.168.0.150-192.168.0.254
add name=vlan6-1 next-pool=vlan6-2 ranges=172.31.0.2-172.31.0.254
add name=vlan2 ranges=172.16.253.2-172.16.253.254
add name=vlan1 ranges=172.16.255.2-172.16.255.254
add name=vlan3 ranges=172.16.0.2-172.16.0.254
add name=vlan4 ranges=172.16.254.2-172.16.254.254
/ip dhcp-server
add address-pool=vlan1-dynamic-old disabled=no interface=internal-bridge \
lease-time=1d name=vlan1-old
add address-pool=vlan6-1 disabled=no interface=vlan6 lease-time=\
2h name=vlan6
add address-pool=vlan2 disabled=no interface=vlan2 lease-time=\
1d name=vlan2
add address-pool=vlan1 disabled=no interface=vlan1 lease-time=1d \
name=vlan1
add address-pool=vlan3 disabled=no interface=vlan3 lease-time=3d \
name=vlan3
add address-pool=vlan4 disabled=no interface=vlan4 lease-time=\
1d name=vlan4
/ppp profile
set *FFFFFFFE local-address=192.168.0.1 remote-address=vpn
/queue tree
add comment="Everything Else 1k" disabled=yes max-limit=1k name="No Mark" \
packet-mark=no-mark parent=global
/queue tree
add name="Total Download" parent=global queue=pcq-download-default
add name="Total Upload" parent=global queue=pcq-upload-default
add limit-at=6M max-limit=25M name="02 Live Stream Upload" packet-mark=\
"Upload Live Stream" parent="Total Upload" priority=2 queue=\
pcq-upload-default
add limit-at=10M max-limit=100M name="02 Live Stream Download" packet-mark=\
"Download Live Stream" parent="Total Download" priority=2 queue=\
pcq-download-default
add name="03 Giving Stations, Kiosks, etc Upload" packet-mark=\
"Upload Giving Stations, Kiosks, etc" parent="Total Upload" priority=3 \
queue=pcq-upload-default
add name="03 Giving Stations, Kiosks, etc Download" packet-mark=\
"Download Giving Stations, Kiosks, etc" parent="Total Download" priority=\
3 queue=pcq-download-default
add max-limit=5M name="08 Guest Network Upload" packet-mark=\
"Upload Guest Network" parent="Total Upload" queue=pcq-upload-default
add max-limit=150M name="08 Guest Network Download" packet-mark=\
"Download Guest Network" parent="Total Download" queue=\
pcq-download-default
add disabled=yes name="01 Unassigned Download" parent="Total Download" \
priority=1 queue=pcq-download-default
add disabled=yes name="04 Unassigned Download" parent="Total Download" \
priority=4 queue=pcq-download-default
add disabled=yes name="05 Unassigned Download" parent="Total Download" \
priority=5
add disabled=yes name="06 Unassigned Download" parent="Total Download" \
priority=6
add disabled=yes name="07 Unassigned Download" parent="Total Download" \
priority=7 queue=pcq-download-default
add disabled=yes name="01 Unassigned Upload" parent="Total Upload" priority=1 \
queue=pcq-upload-default
add disabled=yes name="04 Unassigned Upload" parent="Total Upload" priority=4 \
queue=pcq-upload-default
add disabled=yes name="05 Unassigned Upload" parent="Total Upload" priority=5 \
queue=pcq-upload-default
add disabled=yes name="06 Unassigned Upload" parent="Total Upload" priority=6 \
queue=pcq-upload-default
add disabled=yes name="07 Unassigned Upload" parent="Total Upload" priority=7 \
queue=pcq-upload-default
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 1 disk-file-count=1 disk-lines-per-file=4000
/interface bridge port
add bridge=internal-bridge comment=defconf interface=ether2
add bridge=internal-bridge comment=defconf interface=ether3
add bridge=internal-bridge comment=defconf interface=ether4
add bridge=internal-bridge comment=defconf interface=ether5
add bridge=internal-bridge comment=defconf interface=ether6
add bridge=internal-bridge comment=defconf interface=ether7
add bridge=internal-bridge comment=defconf interface=ether8
add bridge=internal-bridge comment=defconf interface=ether9
add bridge=internal-bridge comment=defconf interface=sfp1
add bridge=internal-bridge hw=no interface=ether10
/ip firewall connection tracking
set enabled=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set rp-filter=strict tcp-syncookies=yes
/interface l2tp-server server
set default-profile=default enabled=yes use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=vlan6 list="Public Network"
add interface=vlan1 list="Admin Networks"
add interface=vlan2 list="Admin Networks"
add interface=vlan3 list="Admin Networks"
add interface=vlan5 list="Admin Networks"
add interface=vlan4 list="Admin Networks"
/ip address
add address=192.168.0.1/24 interface=internal-bridge network=192.168.0.0
add address=172.31.0.1/24 interface=vlan6 network=172.31.0.0
add address=172.31.1.1/24 interface=vlan6 network=172.31.1.0
add address=192.168.1.1/24 interface=internal-bridge network=192.168.1.0
add address=192.168.88.2/24 interface=internal-bridge network=192.168.88.0
add address=172.16.0.1/24 interface=vlan3 network=172.16.0.0
add address=172.16.255.1/24 interface=vlan1 network=172.16.255.0
add address=172.16.254.1/24 interface=vlan4 network=172.16.254.0
add address=172.16.253.1/24 interface=vlan2 network=172.16.253.0
add address=172.16.250.1/24 interface=internal-bridge network=172.16.250.0
add address=172.16.251.1/24 interface=internal-bridge network=172.16.251.0
add address=172.16.252.1/24 interface=internal-bridge network=172.16.252.0
add address=REMOVED interface=ether1 network=REMOVED
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=ether1 \
use-peer-dns=no
add dhcp-options=clientid,clientid,hostname interface=ether1 use-peer-dns=no
/ip dhcp-server lease
LEASES REMOVED
/ip dhcp-server network
add address=172.16.0.0/24 dns-server=172.16.0.1 \
domain=COTH.local gateway=172.16.0.1
add address=172.16.253.0/24 dns-server=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 gateway=172.16.253.1
add address=172.16.254.0/24 dns-server=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 gateway=172.16.254.1
add address=172.16.255.0/24 dns-server=172.16.255.1 \
domain=COTH.local gateway=172.16.255.1
add address=172.31.0.0/24 dns-server=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 gateway=172.31.0.1
add address=172.31.1.0/24 dns-server=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 gateway=172.31.1.1
add address=192.168.0.0/24 dns-server=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 gateway=192.168.0.1
add address=192.168.1.0/24 dns-server=\
1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4 gateway=192.168.1.1
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=\
172.16.0.4,1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4
/ip dns static
REMOVED
/ip firewall address-list
add address=192.168.0.32/29 list="VPN Users"
add address=172.31.0.0/24 list="Guest Network"
add address=172.31.1.0/24 list="Guest Network"
add address=0.pool.ntp.org list="NTP Servers"
add address=1.pool.ntp.org list="NTP Servers"
OTHERS REMOVED
/ip firewall filter
add action=reject chain=forward comment="Dynamo Printer Connections" \
dst-address=128.30.52.100 protocol=tcp reject-with=tcp-reset
add action=drop chain=forward comment=\
"Drop Traffic from the Free WiFi VLAN to Primary VLAN" in-interface-list=\
"Public Network" out-interface-list="Admin Networks"
add action=drop chain=forward comment=\
"Drop Traffic from the Free WiFi VLAN to Primary VLAN" in-interface-list=\
"Admin Networks" out-interface-list="Public Network"
add action=drop chain=input comment="Drop blocked IP addresses" in-interface=\
ether1 src-address-list="Blocked IPs"
add action=accept chain=input comment="Always Allow List" in-interface=ether1 \
src-address-list="Always Allow List"
add action=accept chain=input comment="Allow NTP Servers" dst-port=123 \
in-interface=ether1 protocol=udp src-address-list="NTP Servers"
add action=accept chain=input comment=VPN dst-port=500,1701,4500 \
in-interface=ether1 protocol=udp
add action=accept chain=input comment=VPN in-interface=ether1 protocol=\
ipsec-esp
add action=drop chain=input comment="Drop ICMP period" in-interface=ether1 \
protocol=icmp
add action=drop chain=input comment="Drop invalid connections" \
connection-state=invalid in-interface=ether1
add action=accept chain=input comment="Accept Established Connections" \
connection-state=established in-interface=ether1
add action=accept chain=input comment="Accept Related Connections" \
connection-state=related in-interface=ether1
add action=drop chain=input comment="Drop Everything Else" in-interface=\
ether1
/ip firewall mangle
add action=mark-packet chain=prerouting disabled=yes dst-address=192.168.0.1 \
dst-port=53 layer7-protocol=activedirectory new-packet-mark=\
activedirectory passthrough=yes protocol=udp
add action=mark-packet chain=forward comment="Live Stream Upload" disabled=\
yes new-packet-mark="Upload Live Stream" passthrough=no src-address-list=\
"Live Stream"
add action=mark-packet chain=forward comment="Live Stream Download" disabled=\
yes dst-address-list="Live Stream" new-packet-mark="Download Live Stream" \
passthrough=no
add action=mark-packet chain=forward comment=\
"Giving Stations, Kiosks, etc Upload" disabled=yes new-packet-mark=\
"Upload Giving Stations, Kiosks, etc" passthrough=no src-address-list=\
"Giving Stations, Kiosks, etc"
add action=mark-packet chain=forward comment=\
"Giving Stations, Kiosks, etc Download" disabled=yes dst-address-list=\
"Giving Stations, Kiosks, etc" new-packet-mark=\
"Download Giving Stations, Kiosks, etc" passthrough=no
add action=mark-packet chain=forward comment="Guest Network Upload" disabled=\
yes new-packet-mark="Upload Guest Network" passthrough=no \
src-address-list="Guest Network"
add action=mark-packet chain=forward comment="Guest Network Download" \
disabled=yes dst-address-list="Guest Network" new-packet-mark=\
"Download Guest Network" passthrough=no
add action=mark-connection chain=prerouting disabled=yes new-connection-mark=\
"Live Stream Connection" passthrough=yes src-address-list="Live Stream"
add action=mark-packet chain=prerouting connection-mark=\
"Live Stream Connection" disabled=yes new-packet-mark=\
"Upload Live Stream" passthrough=no
add action=mark-packet chain=input disabled=yes new-packet-mark=\
"Upload Live Stream" passthrough=no src-address-list="Live Stream"
add action=mark-packet chain=output disabled=yes dst-address-list=\
"Live Stream" new-packet-mark="Download Live Stream" passthrough=no
/ip firewall nat
REMOVED
/ip firewall service-port
set sip disabled=yes sip-direct-media=no
/ip ipsec peer
add address=0.0.0.0/0 comment="VPN" exchange-mode=main-l2tp \
generate-policy=port-override passive=yes profile=profile_1 \
send-initial-contact=no
/ip ipsec policy
add dst-address=0.0.0.0/0 src-address=0.0.0.0/0 template=yes
/ip route
add distance=1 gateway=REMOVED
/ip service
set telnet address=0.0.0.0/0 disabled=yes
set ftp address=0.0.0.0/0
set www address=0.0.0.0/0
set ssh address=0.0.0.0/0
set www-ssl address=0.0.0.0/0
set api address=0.0.0.0/0 disabled=yes
set winbox address=0.0.0.0/0
set api-ssl address=0.0.0.0/0 disabled=yes
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=ether1 type=external
add interface=vlan1 type=internal
add interface=vlan3 type=internal
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
add address=::224.0.0.0/100 comment="defconf: other" list=bad_ipv6
add address=::127.0.0.0/104 comment="defconf: other" list=bad_ipv6
add address=::/104 comment="defconf: other" list=bad_ipv6
add address=::255.0.0.0/104 comment="defconf: other" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
33434-33534 protocol=udp
add action=accept chain=input comment=\
"defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
udp src-address=fe80::/16
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=input comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
"defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
ipsec-esp
add action=accept chain=forward comment=\
"defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
"defconf: drop everything else not coming from LAN" in-interface-list=\
!LAN
/lcd
set read-only-mode=yes time-interval=hour
/lcd pin
set hide-pin-number=yes pin-number=3492
/ppp secret
REMOVED
/snmp
set contact="REMOVED" enabled=yes location=\
"REMOVED" trap-generators=\
interfaces,temp-exception trap-interfaces=all trap-version=2
/system clock
set time-zone-name=America/Chicago
/system identity
set name=MikroTik
/system logging
set 0 action=disk
set 1 action=disk
set 2 action=disk
set 3 action=disk
/system ntp client
set enabled=yes primary-ntp=89.111.54.85 secondary-ntp=217.147.223.78 \
server-dns-names=0.pool.ntp.org,1.pool.ntp.org
/system routerboard settings
set silent-boot=yes
/system scheduler
add comment="Daily Reboot" interval=1d name="Daily Reboot" on-event=\
"/system reboot" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive start-date=\
mar/16/2017 start-time=04:00:00
add interval=1h name=Update_NTP on-event=Update_NTP policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-time=startup
/system script
add dont-require-permissions=no name=Update_NTP owner=admin policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
delay 60s\r\
\n/system ntp client set primary-ntp=[:resolve 0.pool.ntp.org]\r\
\n/system ntp client set secondary-ntp=[:resolve 1.pool.ntp.org]"
add dont-require-permissions=no name="Bandwidth Test Both" owner=admin \
policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
source=":log info \"------------ UDP Bandwidth Test Start: BOTH ----------\
----\";\r\
\n\r\
\n:local btUser \"btest\";\r\
\n:local btPass \"btest\";\r\
\n:local btHost \"207.32.194.24\";\r\
\n\r\
\n:local avrRX 0;\r\
\n:local avrTX 0;\r\
\n\r\
\n# SPEED TEST\r\
\n:log info \"----> <--- Measuring Bandwidth (30 second segment)........\"\
;\r\
\n:do {/tool bandwidth-test duration=30s user=\$btUser password=\$btPass p\
rotocol=udp address=\$btHost direction=both do={\r\
\n :set \$avrRX (\"rx-10-second-average: \" . (\$\"rx-10-second-averag\
e\" / 1048576) . \".\" . (\$\"rx-10-second-average\" % (1048576) / 1024) .\
\_\" Mbps\" );\r\
\n :set \$avrTX (\"tx-10-second-average: \" . (\$\"tx-10-second-averag\
e\" / 1048576) . \".\" . (\$\"tx-10-second-average\" % (1048576) / 1024) .\
\_\" Mbps\" );\r\
\n }\r\
\n} on-error={:log error message=\"Bandwidth Test Failed\"}\r\
\n\r\
\n:log info message=\$avrRX;\r\
\n:log info message=\$avrTX;\r\
\n\r\
\n:log info \"-------- UDP Bandwidth Test End: BOTH ------------\";\r\
\n\r\
\n\r\
\n################# SAVING RESULTS WITH DATE ######################\r\
\n:local filename2 \"LOG_BW_TEST.txt\"\r\
\n:local ds [/system clock get date];\r\
\n:local months (\"jan\",\"feb\",\"mar\",\"apr\",\"may\",\"jun\",\"jul\",\
\"aug\",\"sep\",\"oct\",\"nov\",\"dec\");\r\
\n:local month [ :pick \$ds 0 3 ];\r\
\n:local mm ([ :find \$months \$month -1 ] + 1);\r\
\n:if (\$mm < 10) do={ :set mm (\"0\" . \$mm); };\r\
\n:set ds ([:pick \$ds 7 11] . \$mm . [:pick \$ds 4 6]);\r\
\n\r\
\n:if ( [:len [/file find name=\$filename2]] = 0) do={\r\
\n:log info \"Log file does not exist. Creating a new one.....\";\r\
\n/file print file=\$filename2 where name=\"\";\r\
\n}\r\
\n\r\
\n:log info \"Adding result to the end of the lof file......\";\r\
\n/file set \$filename2 contents=([get \$filename2 contents] .\"\\n\".\$d\
s.\"-->\" . \$avrRX);\r\
\n/file set \$filename2 contents=([get \$filename2 contents] .\" \". \$\
avrTX);\r\
\n}\r\
\n"
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
/tool romon
set enabled=yes
Some items here I don't recognize from before and can only assume were added as a result of updating over the last few months, such as the IPv6 Firewall rules. I also am only supposed to have one bridge interface but notice there are 2. Guessing this is the result of an update again.