/interface bridge
add admin-mac=18:FD:74:2C:3D:AA auto-mac=no comment=defconf name=bridge
add name=bridge1 vlan-filtering=yes
/interface ethernet
set [ find default-name=ether1 ] l2mtu=1596 mac-address=18:FD:74:2C:3D:A9 name=ether1-WAN
set [ find default-name=ether2 ] l2mtu=1596 mac-address=18:FD:74:2C:3D:AA
set [ find default-name=ether3 ] l2mtu=1596 mac-address=18:FD:74:2C:3D:AB
set [ find default-name=ether4 ] l2mtu=1596 mac-address=18:FD:74:2C:3D:AC
set [ find default-name=ether5 ] l2mtu=1596 mac-address=18:FD:74:2C:3D:AD
/interface vlan
add interface=bridge1 name=SIero_LAN vlan-id=111
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=10.10.10.50-10.10.10.150
add name=dhcp_pool1 ranges=10.10.11.50-10.10.11.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge name=defconf
add address-pool=dhcp_pool1 disabled=no interface=SIero_LAN lease-time=8h10m name=Siero_LAN
/ppp profile

/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge1 frame-types=admit-only-untagged-and-priority-tagged interface=ether5 pvid=111
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=bridge1 untagged=ether5 vlan-ids=111
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1-WAN list=WAN
/interface ovpn-server server

/ip address
add address=10.10.10.1/24 comment=defconf interface=bridge network=10.10.10.0
add address=10.10.11.1/24 interface=SIero_LAN network=10.10.11.0
/ip dhcp-client
add comment=defconf disabled=no interface=ether1-WAN
/ip dhcp-server network
add address=10.10.10.0/24 comment=defconf gateway=10.10.10.1 netmask=24
add address=10.10.11.0/24 dns-server=8.8.8.8,8.8.4.4 gateway=10.10.11.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=10.10.10.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid log=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input dst-port=1194 log=yes protocol=tcp
add action=accept chain=input dst-address=10.10.10.0/24 log=yes src-address=10.10.20.0/24
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN log=yes
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip smb
set enabled=yes
/ip smb shares
set [ find default=yes ] directory=/Siero_Disck
/ppp secret
add name=mateusz password=mateusz1234 profile=vpnprofile service=ovpn
/system clock
set time-zone-name=Europe/Warsaw
/system identity
set name=SieroRTR
/system routerboard settings
set boot-os=router-os
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN