First the question is not relevant to your original post and has no relationship with IP routes ??? Secondly you have the same question in a different post in Forwarding Protocols which is a no no!
.
What I suggest is that you post your config...
/export hide-sensitive file=anynameyouwish
To see what is going on.
I'm asking this persistently because whenever i try to add another address to list with same or different ether port it causes to connection lost on all devices at network. Here is the exported info. I have hided some part of IP addresses manually and deleted simple queue and static dhcp leases. And yes i know there is lots of useless things from test configs that i run from the past.
Thank you.
# sep/01/2021 18:33:55 by RouterOS 6.47.1
# software id = E28V-ALZB
#
# model = 1100AHx2
/interface l2tp-server
add disabled=yes name=l2tp-in1 user=ozan
/interface bridge
add fast-forward=no name=bridge1_internet
add name=bridge2
/interface ethernet
set [ find default-name=ether1 ] speed=100Mbps
set [ find default-name=ether2 ] speed=100Mbps
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=ether11 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether12 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
set [ find default-name=ether13 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
/interface pptp-server
add disabled=yes name=VPN_CON user=RS
add disabled=yes name=pptp-in1 user=""
/interface vlan
add interface=bridge1_internet name="VLAN Guest" vlan-id=201
/interface list
add name=WAN
add name=LAN
/ip firewall layer7-protocol
add name=block regexp="^.+(youtube.com|trendyol.com|puhutv.com|facebook.com|tw\
itter.com|login.yahoo.com|wetransfer.com|instagram.com|transfernow.net|tra\
nsferxl.com|sendgb.com|iogames.space|agar.io|hole.io|paper.io|io.games|oyu\
nskor.com|kraloyun.com|webtekno.com|oyunkolu.com|y8.com|dersimiz.com|oyunf\
lash.com|3doyunlar.org|mynet.com|tamindir.com|oyungezer.com.tr|oyunavarim.\
com|indiroyunu.com|geekmahal.com|pcnet.com.tr|flashoyunlari.net|gezginler.\
net|erenet.net|pinterest.com|oyunskor.online|oynatsak.com|geyikmi.com|crox\
yproxy.com|proxysite.com|blockaway.net|animizm.com|vk.com|paribu.com|mail.\
google.com|n11.com|morhipo.com|linkedin.com|netflix.com|accounts.google.co\
m/signin/|accounts.google.com/ServiceLogin|login.live.com/).*\$"
/ip ipsec peer
add address=**.***.106.230/32 disabled=yes exchange-mode=ike2 name=istanbul
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048 enc-algorithm=aes-256 \
hash-algorithm=sha256
add dh-group=modp1024 name=profile_1
add dh-group=modp1536 enc-algorithm=3des name=TB
/ip ipsec peer
add address=**.***.242.170/32 name=TB profile=TB
/ip ipsec proposal
add enc-algorithms=3des name=TB pfs-group=modp1536
/ip pool
add name=dhcp ranges=192.168.20.35-192.168.20.180
add name=dhcp_pool2 ranges=192.168.21.2-192.168.21.254
add name=dhcp_pool4 ranges=192.168.20.20-192.168.20.50
add name=dhcp_pool5 ranges=192.168.40.2-192.168.40.254
add name=vpn_ppol ranges=192.168.25.1-192.168.25.255
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay interface=ether3 name=\
dhcp1
add address-pool=dhcp name=dhcp2
add address-pool=dhcp disabled=no interface=bridge1_internet name=dhcptest
add address-pool=dhcp_pool5 disabled=no interface="VLAN Guest" name=dhcp3
/ppp profile
add local-address=192.168.25.1 name=vpn_profile remote-address=vpn_ppol
set *FFFFFFFE dns-server=8.8.8.8 local-address=10.0.0.1 remote-address=\
10.0.0.2 wins-server=8.8.4.4
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/system logging action
set 3 remote=192.168.20.235
add name=remotelog remote=192.168.20.235 target=remote
/tool user-manager customer
set admin access=\
own-routers,own-users,own-profiles,own-limits,config-payment-gw
/tool user-manager profile
add name=SINIRSIZ name-for-users=SINIRSIZ override-shared-users=off owner=\
admin price=0 starts-at=logon validity=0s
add name=STANDART-2MBIT name-for-users=STANDART-2MBIT override-shared-users=\
off owner=admin price=0 starts-at=logon validity=0s
/tool user-manager profile limitation
add address-list="" download-limit=0B group-name="" ip-pool="" ip-pool6="" \
name=2MBIT owner=admin rate-limit-min-rx=524288B rate-limit-min-tx=\
2097152B rate-limit-rx=524288B rate-limit-tx=2097152B transfer-limit=0B \
upload-limit=0B uptime-limit=0s
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
sword,web,sniff,sensitive,api,romon,dude,tikapp"
add name=admin policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winb\
ox,web,sniff,sensitive,api,romon,dude,tikapp,!password"
add name=subadmin policy="local,read,write,policy,test,winbox,web,!telnet,!ssh\
,!ftp,!reboot,!password,!sniff,!sensitive,!api,!romon,!dude,!tikapp"
/interface bridge port
add bridge=bridge1_internet interface=ether2
add bridge=bridge1_internet interface=ether8
add bridge=bridge1_internet interface=ether6
add bridge=bridge1_internet interface=ether7
add bridge=bridge1_internet interface=ether9
add bridge=bridge2 interface=ether3
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-vlan=yes
/interface l2tp-server server
set enabled=yes one-session-per-host=yes use-ipsec=yes
/interface list member
add interface=ether1 list=WAN
add list=LAN
/interface pptp-server server
set authentication=chap,mschap1,mschap2
/interface sstp-server server
set authentication=mschap2 certificate=Server enabled=yes force-aes=yes pfs=\
yes port=444
/ip address
add address=**.***.11.149/29 comment="default configuration" interface=ether1 \
network=**.***.11.144
add address=192.168.20.1/24 interface=bridge1_internet network=192.168.20.0
add address=192.168.40.1/24 interface="VLAN Guest" network=192.168.40.0
add address=192.168.21.1/24 interface=bridge1_internet network=192.168.21.0
add address=192.168.22.1/24 interface=bridge1_internet network=192.168.22.0
add address=192.168.23.1/24 interface=bridge1_internet network=192.168.23.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.20.0/24 gateway=192.168.20.1 netmask=24
add address=192.168.21.0/24 gateway=192.168.21.1
add address=192.168.23.0/24 gateway=192.168.23.1
add address=192.168.40.0/24 gateway=192.168.40.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,208.67.220.222
/ip firewall address-list
add address=**.***.11.144/29 list=allow-ip
add address=192.168.20.0/24 list=allow-ip
add address=192.168.21.0/24 list=alt-ip-list
add address=192.168.20.50-192.168.20.166 list=CM
add address=192.168.20.1.192.168.20.255 list="Local ALL"
add address=192.168.21.10-192.168.21.255 list="Full CM"
add address=192.168.20.235 list=Server
/ip firewall filter
add action=accept chain=input disabled=yes dst-port=25 protocol=tcp \
src-address=89.207.14.92
add action=accept chain=forward disabled=yes dst-port=25 protocol=tcp \
src-address=89.207.14.84
add action=accept chain=forward disabled=yes dst-address-list=Server \
dst-port=25 protocol=tcp
add action=drop chain=forward disabled=yes dst-port=25 protocol=tcp
add action=drop chain=input dst-port=53,8728,8729,21,22,23,80,443,8291 \
protocol=tcp
add action=drop chain=forward layer7-protocol=block src-address-list=\
"Full CM"
add action=drop chain=forward layer7-protocol=block src-address-list=CM
add action=add-src-to-address-list address-list=allow-ip \
address-list-timeout=1h chain=input comment=2 packet-size=1083
add action=accept chain=input comment=PPTP-VPN dst-port=1723 protocol=tcp
add action=accept chain=forward dst-address=192.168.20.235 src-address=\
192.168.40.1-192.168.40.255
add action=accept chain=forward ipsec-policy=out,ipsec
add action=accept chain=forward ipsec-policy=in,ipsec
add action=accept chain=forward dst-address-list="" src-address-list=""
add action=accept chain=input comment=1 src-address-list=allow-ip
add action=passthrough chain=input comment=4
add action=passthrough chain=input
add action=accept chain=forward disabled=yes layer7-protocol=block \
src-address=192.168.20.48
add action=log chain=forward connection-state=new dst-port=80,443 log-prefix=\
WebLog protocol=tcp
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos disabled=yes dst-limit=\
32,32,src-and-dst-addresses/10s
add action=return chain=detect-ddos disabled=yes src-address=192.168.0.1
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
10m chain=detect-ddos disabled=yes
add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
10m chain=detect-ddos disabled=yes
add action=drop chain=forward disabled=yes dst-address=\
192.168.20.1-192.168.20.255 src-address=192.168.1.1-192.168.19.255
add action=drop chain=input comment=3 dst-port=53 protocol=udp
add action=drop chain=forward connection-state=new dst-address-list=ddosed \
src-address-list=ddoser
add action=drop chain=forward disabled=yes dst-address=\
192.168.20.1-192.168.20.255 src-address=192.168.21.1-192.168.255.255
add action=accept chain=input comment="allow L2TP VPN (ipsec-esp)" disabled=\
yes in-interface=ether1 protocol=ipsec-esp
add action=accept chain=input comment="allow L2TP VPN (500/udp)" disabled=yes \
dst-port=500 in-interface=ether1 protocol=udp
/ip firewall nat
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface=ether1
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=7001 \
protocol=tcp to-addresses=192.168.20.235 to-ports=7001
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=211 \
protocol=tcp to-addresses=192.168.20.234 to-ports=211
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=25 \
protocol=tcp to-addresses=192.168.20.235 to-ports=25
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=587 \
protocol=tcp to-addresses=192.168.20.235 to-ports=587
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=8090 \
protocol=tcp to-addresses=192.168.20.235 to-ports=8090
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=3389 \
protocol=udp src-address=**.***.48.140 to-addresses=192.168.20.235 \
to-ports=3389
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=3389 \
protocol=tcp src-address=**.***.48.140 to-addresses=192.168.20.235 \
to-ports=3389
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=9090 \
protocol=tcp to-addresses=192.168.20.235 to-ports=9090
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=7171 \
protocol=tcp to-addresses=192.168.20.235 to-ports=7171
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=3389 \
protocol=tcp src-address=**.***.100.230 to-addresses=192.168.20.235 \
to-ports=3389
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=3389 \
protocol=udp src-address=**.***.100.230 to-addresses=192.168.20.235 \
to-ports=3389
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=995 \
protocol=tcp src-port="" to-addresses=192.168.20.235 to-ports=995
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=465 \
protocol=tcp to-addresses=192.168.20.235 to-ports=465
add action=masquerade chain=srcnat dst-address=192.168.20.0/24 src-address=\
192.168.20.0/24
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=993 \
protocol=tcp to-addresses=192.168.20.235 to-ports=993
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=110 \
protocol=tcp to-addresses=192.168.20.235 to-ports=110
add action=masquerade chain=srcnat dst-address=192.168.21.0/24 src-address=\
192.168.21.0/24
add action=accept chain=srcnat dst-address=192.168.10.0/24 src-address=\
192.168.20.0/24
add action=masquerade chain=srcnat disabled=yes src-address=15.20.30.0/24
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 port=2121 \
protocol=tcp to-addresses=192.168.20.230 to-ports=2121
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=21 \
protocol=tcp to-addresses=192.168.20.230 to-ports=21
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=3388 \
protocol=tcp to-addresses=192.168.20.175 to-ports=3388
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=2525 \
protocol=tcp to-addresses=192.168.20.235 to-ports=2525
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=8080 \
protocol=tcp src-address=**.***.106.230 to-addresses=192.168.20.230 \
to-ports=8080
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=3387 \
protocol=tcp to-addresses=192.168.20.176 to-ports=3387
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=8597 \
protocol=tcp src-port="" to-addresses=192.168.20.235 to-ports=8597
add action=masquerade chain=srcnat dst-address=192.168.40.0/24 src-address=\
192.168.40.0/24
add action=accept chain=srcnat dst-address=192.168.7.0/24 src-address=\
192.168.20.0/24
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=3389 \
protocol=tcp src-address=**.***.106.230 to-addresses=192.168.20.235 \
to-ports=3389
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=37777 \
protocol=tcp src-address=0.0.0.0 to-addresses=192.168.20.7 to-ports=37777
add action=dst-nat chain=dstnat dst-address=**.***.11.144/29 dst-port=82 \
protocol=tcp to-addresses=192.168.20.7 to-ports=82
add action=masquerade chain=srcnat src-address=10.20.30.0/24
/ip firewall service-port
set sip disabled=yes
/ip ipsec identity
add disabled=yes peer=istanbul
add peer=TB
/ip ipsec policy
add dst-address=192.168.7.0/24 peer=TB proposal=TB \
sa-dst-address=**.***.242.170 sa-src-address=**.***.11.148 src-address=\
192.168.20.0/24 tunnel=yes
add disabled=yes dst-address=192.168.10.0/24 peer=istanbul src-address=\
192.168.20.0/24 tunnel=yes
/ip route
add distance=1 gateway=**.***.11.145
/ip service
set www-ssl disabled=no
/ip socks
set max-connections=500 port=3629
/ip socks access
add action=deny src-address=!5.96.0.0/12
/ipv6 nd
set [ find default=yes ] advertise-dns=no
/system clock
set time-zone-name=Europe/Istanbul
/system logging
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add action=remote prefix=hotspot topics=!firewall
/tool user-manager database
set db-path=user-manager
/tool user-manager profile profile-limitation
add from-time=0s limitation=2MBIT profile=STANDART-2MBIT till-time=23h59m59s \
weekdays=sunday,monday,tuesday,wednesday,thursday,friday,saturday
/tool user-manager router
add coa-port=1700 customer=admin disabled=no ip-address=127.0.0.1 log=\
auth-fail name=mikrotik use-coa=no
/tool user-manager user
add customer=admin disabled=no ipv6-dns=:: shared-users=1 username=test \
wireless-enc-algo=none wireless-enc-key="" wireless-psk=""
add customer=admin disabled=no first-name=ibrahim ipv6-dns=:: last-name=\
"u\C5\9Fak" shared-users=2 username=46036213724 wireless-enc-algo=none \
wireless-enc-key="" wireless-psk=""