Please post your latest complete config.
/export hide-sensitive file=anynameyouwish
okay here I trust you all gonna post also the public IP
/interface bridge
add admin-mac=08:55:31:40:3D:0C auto-mac=no comment=defconf name=88bridge
add name=178bridge
/interface ethernet
set [ find default-name=ether2 ] arp=disabled
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface pppoe-client
add add-default-route=yes default-route-distance=2 dial-on-demand=yes \
disabled=no interface=ether2 keepalive-timeout=30 name=PLDTEnterprise \
user=
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=home-dhcp ranges=192.168.88.20-192.168.88.254
add name=enterprise-dhcp ranges=192.168.178.10-192.168.178.254
/ip dhcp-server
add address-pool=home-dhcp interface=88bridge lease-time=52w1d name=\
defconfHOME
add address-pool=enterprise-dhcp interface=178bridge lease-time=52w1d name=\
defconENT
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,sniff,sensitive,api,romon,tikapp,!web,!dude"
/interface bridge port
add bridge=88bridge comment=defconf interface=ether3
add bridge=88bridge comment=defconf interface=ether4
add bridge=88bridge comment=defconf interface=ether5
add bridge=88bridge comment=defconf interface=ether6
add bridge=88bridge comment=defconf interface=ether7
add bridge=88bridge comment=defconf interface=sfp-sfpplus1
add bridge=178bridge comment=defconf178 interface=ether9
add bridge=178bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set tcp-syncookies=yes
/interface list member
add comment=defconf interface=88bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=178bridge list=LAN
add interface=PLDTEnterprise list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=88bridge network=\
192.168.88.0
add address=192.168.178.1/24 interface=178bridge network=192.168.178.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf gateway=192.168.88.1
add address=192.168.178.0/24 gateway=192.168.178.1
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add list=ddos-attackers
add list=ddos-target
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
d this subnet before enable it" list=bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
need this subnet before enable it" list=bogons
add address=192.168.0.0/16 comment="Private[RFC 1918] - CLASS C # Check if you\
\_need this subnet before enable it" disabled=yes list=bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=bogons
add address=224.0.0.0/4 comment=\
"MC, Class D, IANA # Check if you need this subnet before enable it" \
disabled=yes list=bogons
add address=192.168.88.0/24 list=support
add address=192.168.88.10 list=support
add address=192.168.0.0/24 list=support
add address=192.168.178.0/24 list=support
add address=192.168.188.0/24 list=support
add address=192.168.178.0/24 list="178 Network"
add address=192.168.88.0/24 list="88 Network"
add address=202.84.114.0/24 list=support
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddos-target \
address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddos-attackers \
address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment=\
"Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp \
tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" \
src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" \
protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" \
src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=\
ICMP protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except t\
o support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUP\
PORT ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp \
src-address-list=!support
add action=jump chain=forward comment="Jump for icmp forward flow" \
jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
bogons
add action=add-src-to-address-list address-list=spammers \
address-list-timeout=3h chain=forward comment=\
"Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
connection-state=established
add action=accept chain=input comment="Accept to related connections" \
connection-state=related
add action=accept chain=input comment="Full access to SUPPORT address list" \
src-address-list=support
add action=accept chain=ICMP comment=\
"Echo request - Avoiding Ping Flood, adjust the limit as needed" \
icmp-options=8:0 limit=2,5 protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP \
protocol=icmp
/ip firewall mangle
add action=mark-routing chain=prerouting comment="LAN1 TO WAN 1" \
new-routing-mark=LAN1_TO_WAN1 passthrough=yes src-address-list=\
"88 Network"
add action=mark-routing chain=prerouting comment="LAN2 TO WAN 2" \
new-routing-mark=LAN2_TO_WAN2 passthrough=yes src-address-list=\
"178 Network"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface=ether1
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=\
PLDTEnterprise
add action=dst-nat chain=dstnat comment=SalesServer dst-address=122.53.63.134 \
dst-port=9101 in-interface=PLDTEnterprise log=yes protocol=tcp \
to-addresses=192.168.178.122 to-ports=9101
/ip firewall raw
add action=drop chain=prerouting dst-address-list=ddos-target \
src-address-list=ddos-attackers
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=192.168.1.1 routing-mark=LAN1_TO_WAN1
add distance=1 gateway=PLDTEnterprise routing-mark=LAN2_TO_WAN2
add distance=1 dst-address=192.168.178.0/24 gateway=PLDTEnterprise
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/system clock
set time-zone-name=Asia/Manila
/system identity
set name=Graphic
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN