Thank you for the information. Dynamic DNS has never been enabled and I have never had need of the remote connection capability. Should it still be making those connections when all the options in IP/Cloud are unchecked? Including my config:
# nov/26/2020 12:00:07 by RouterOS 6.47.8
# software id = 0N1T-537Y
#
# model = RB4011iGS+5HacQ2HnD
# serial number = D43B0CAD7AA8
/interface bridge
add admin-mac=48:8F:5A:69:09:83 auto-mac=no comment=defconf dhcp-snooping=yes \
igmp-snooping=yes mtu=1500 name=bridge protocol-mode=none
/interface wireless
set [ find default-name=wlan2 ] band=2ghz-g/n basic-rates-a/g=54Mbps \
basic-rates-b="" channel-width=20/40mhz-XX country="united states" \
disabled=no distance=indoors frequency=auto installation=indoor l2mtu=\
1590 mode=ap-bridge multicast-helper=full scan-list=default,5200-5300 \
ssid=DJJ1 supported-rates-a/g=54Mbps supported-rates-b="" \
wireless-protocol=802.11 wmm-support=enabled wps-mode=disabled
/interface ethernet
set [ find default-name=ether1 ] auto-negotiation=no rx-flow-control=auto \
tx-flow-control=auto
set [ find default-name=ether2 ] rx-flow-control=auto tx-flow-control=auto
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether10 ] poe-out=off
/interface wireless nstreme
set wlan2 enable-polling=no
/interface bonding
add disabled=yes mode=active-backup name=bonding1 primary=ether1 slaves=\
ether1,ether2
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa2-psk disable-pmkid=yes \
eap-methods="" mode=dynamic-keys supplicant-identity=MikroTik
add authentication-types=wpa2-psk disable-pmkid=yes eap-methods="" \
management-protection=allowed mode=dynamic-keys name=5G \
supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=5ghz-a/n/ac basic-rates-a/g=54Mbps \
channel-width=20/40mhz-Ce country="united states" disabled=no distance=\
indoors frequency=auto installation=indoor l2mtu=1590 mode=ap-bridge \
multicast-helper=full security-profile=5G ssid=DJJ2 supported-rates-a/g=\
54Mbps vht-basic-mcs="" vht-supported-mcs="" wireless-protocol=802.11 \
wmm-support=enabled wps-mode=disabled
/interface wireless nstreme
set wlan1 enable-polling=no
/ip pool
add name=dhcp ranges=10.0.0.2-10.0.0.254
add name=pool1 ranges=10.0.0.3-10.0.0.254
/ip dhcp-server
add add-arp=yes address-pool=dhcp bootp-lease-time=lease-time bootp-support=\
dynamic disabled=no interface=bridge lease-time=2h10m name=dhcp1
add add-arp=yes address-pool=pool1 bootp-support=none interface=bonding1 \
name=server1
/lora servers
add address=eu.mikrotik.thethings.industries down-port=1700 name=TTN-EU \
up-port=1700
add address=us.mikrotik.thethings.industries down-port=1700 name=TTN-US \
up-port=1700
/queue type
set 1 kind=sfq
/queue interface
set ether1 queue=ethernet-default
set ether2 queue=ethernet-default
set ether3 queue=ethernet-default
set ether4 queue=ethernet-default
set ether5 queue=ethernet-default
set ether6 queue=ethernet-default
set ether7 queue=ethernet-default
set ether8 queue=ethernet-default
set ether9 queue=ethernet-default
set ether10 queue=ethernet-default
/snmp community
set [ find default=yes ] addresses=::/0,0.0.0.0/0
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=ether6
add bridge=bridge comment=defconf interface=ether7
add bridge=bridge comment=defconf interface=ether8
add bridge=bridge comment=defconf interface=ether9
add bridge=bridge comment=defconf interface=ether10
add bridge=bridge comment=defconf interface=sfp-sfpplus1
add bridge=bridge comment=defconf interface=wlan1
add bridge=bridge comment=defconf interface=wlan2
add bridge=bridge interface=ether2
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all internet-interface-list=WAN lan-interface-list=\
LAN wan-interface-list=WAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
add disabled=yes interface=bonding1 list=WAN
/ip address
add address=10.0.0.1/24 comment=defconf interface=bridge network=\
192.168.99.0
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
add interface=ether1 use-peer-dns=no
add add-default-route=no interface=ether2 use-peer-dns=no use-peer-ntp=no
/ip dhcp-server config
set store-leases-disk=15m
/ip dhcp-server lease
add address=10.0.0.234 client-id=1:0:b:82:d1:fd:e5 mac-address=\
00:0B:82:D1:FD:E5 server=dhcp1
add address=10.0.0.205 client-id=1:0:e0:4c:68:1:3a mac-address=\
00:E0:4C:68:01:3A server=dhcp1
add address=10.0.0.13 mac-address=00:18:61:44:B8:6D server=dhcp1
add address=10.0.0.222 mac-address=AA:9F:EC:07:84:F7 server=dhcp1
/ip dhcp-server network
add address=10.0.0.0/24 comment=defconf dns-server=10.0.0.205 \
gateway=10.0.0.1 netmask=24
/ip dns
set allow-remote-requests=yes servers=10.0.0.205
/ip dns static
add address=10.0.0.1 comment=defconf name=router.lan
add address=10.0.0.205 name=pidns
/ip firewall address-list
add address=127.0.0.0/8 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.0.0/24 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=\
bad_ipv4
add address=198.51.100.0/24 comment="defconf: RFC6890 documentation" list=\
bad_ipv4
add address=203.0.113.0/24 comment="defconf: RFC6890 documentation" list=\
bad_ipv4
add address=240.0.0.0/4 comment="defconf: RFC6890 reserved" list=bad_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=10.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=100.64.0.0/10 comment="defconf: RFC6890" list=not_global_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=172.16.0.0/12 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.0.0.0/29 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.168.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=198.18.0.0/15 comment="defconf: RFC6890 benchmark" list=\
not_global_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=not_global_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=bad_src_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=bad_src_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=224.0.0.0/4 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=192.168.99.229 list=pidns
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=fasttrack-connection chain=forward disabled=yes src-address=\
10.0.0.205
add action=fasttrack-connection chain=forward disabled=yes dst-address=\
10.0.0.205
add action=fasttrack-connection chain=forward disabled=yes port=5060 \
protocol=tcp
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=reject chain=input dst-port=53 in-interface-list=WAN protocol=tcp \
reject-with=tcp-reset
add action=reject chain=input dst-port=53 in-interface-list=WAN protocol=udp \
reject-with=icmp-port-unreachable
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
/ip firewall mangle
add action=fasttrack-connection chain=forward in-interface-list=LAN
add action=fasttrack-connection chain=output
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes \
ipsec-policy=out,none out-interface=bonding1
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface=ether1
add action=masquerade chain=srcnat comment="modem access" disabled=yes \
dst-address=10.0.0.0/24 out-interface=bonding1
add action=dst-nat chain=dstnat dst-address=!10.0.0.205 dst-port=53 \
in-interface-list=!WAN protocol=udp src-address=!10.0.0.205 \
to-addresses=10.0.0.205
add action=dst-nat chain=dstnat dst-address=!10.0.0.205 dst-port=53 \
in-interface-list=!WAN protocol=tcp src-address=!10.0.0.205 \
to-addresses=10.0.0.205
add action=masquerade chain=srcnat dst-address=10.0.0.205 dst-port=53 \
protocol=udp src-address=10.0.0.0/24
add action=masquerade chain=srcnat dst-address=10.0.0.205 dst-port=53 \
protocol=tcp src-address=10.0.0.0/24
add action=dst-nat chain=dstnat disabled=yes in-interface=bonding1 protocol=\
tcp src-port=5060 to-addresses=10.0.0.234
add action=dst-nat chain=dstnat disabled=yes dst-port=5060 in-interface=\
bonding1 protocol=tcp to-addresses=10.0.0.234
/ip firewall raw
add action=accept chain=prerouting comment=\
"defconf: enable for transparent firewall" disabled=yes
add action=accept chain=prerouting comment="defconf: accept DHCP discover" \
dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN protocol=\
udp src-address=0.0.0.0 src-port=68
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
src-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
dst-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
src-address-list=bad_src_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
dst-address-list=bad_dst_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" \
in-interface-list=WAN src-address-list=not_global_ipv4
add action=drop chain=prerouting comment=\
"defconf: drop forward to local lan from WAN" dst-address=10.0.0.0/24 \
in-interface-list=WAN
add action=drop chain=prerouting comment=\
"defconf: drop local if not from default IP range" in-interface-list=LAN \
src-address=!192.168.99.0/24
add action=drop chain=prerouting comment="defconf: drop bad UDP" port=0 \
protocol=udp
add action=jump chain=prerouting comment="defconf: jump to ICMP chain" \
jump-target=icmp4 protocol=icmp
add action=jump chain=prerouting comment="defconf: jump to TCP chain" \
jump-target=bad_tcp protocol=tcp
add action=accept chain=prerouting comment=\
"defconf: accept everything else from LAN" in-interface-list=LAN
add action=accept chain=prerouting comment=\
"defconf: accept everything else from WAN" in-interface-list=WAN
add action=drop chain=prerouting comment="defconf: drop the rest"
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
add action=drop chain=bad_tcp comment="defconf: TCP port 0 drop" port=0 \
protocol=tcp
add action=accept chain=icmp4 comment="defconf: echo reply" icmp-options=0:0 \
limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: net unreachable" \
icmp-options=3:0 protocol=icmp
add action=accept chain=icmp4 comment="defconf: host unreachable" \
icmp-options=3:1 protocol=icmp
add action=accept chain=icmp4 comment="defconf: protocol unreachable" \
icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="defconf: port unreachable" \
icmp-options=3:3 protocol=icmp
add action=accept chain=icmp4 comment="defconf: fragmentation needed" \
icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment="defconf: echo" icmp-options=8:0 limit=\
5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: time exceeded " icmp-options=\
11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="defconf: drop other icmp" protocol=icmp
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip upnp
set disabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add disabled=yes interface=ether1 type=external
add disabled=yes interface=ether2 type=external
add disabled=yes interface=ether3 type=internal
add disabled=yes interface=ether4 type=internal
add disabled=yes interface=ether5 type=internal
add disabled=yes interface=ether6 type=internal
add disabled=yes interface=ether7 type=internal
add disabled=yes interface=ether8 type=internal
add disabled=yes interface=ether9 type=internal
add disabled=yes interface=ether10 type=internal
add interface=bonding1 type=external
/system clock
set time-zone-name=America/New_York
/system leds
add interface=wlan2 leds="wlan2_signal1-led,wlan2_signal2-led,wlan2_signal3-le\
d,wlan2_signal4-led,wlan2_signal5-led" type=wireless-signal-strength
add interface=wlan2 leds=wlan2_tx-led type=interface-transmit
add interface=wlan2 leds=wlan2_rx-led type=interface-receive
/tool bandwidth-server
set authenticate=no enabled=no
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no
/tool netwatch
add down-script="/ip dbs set servers=9.9.9.9" host=10.0.0.205 interval=\
15s up-script="/ip dns set servers=10.0.0.205\r\
\n/ip dns cache flush"
/tool user-manager database
set db-path=user-manager
Any enlightenment would be appreciated. Thank you.