# apr/05/2023 14:53:07 by RouterOS 7.8
# software id = MSE5-ZZKY
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HE708M3K3P1
/interface bridge
add name=lan
/interface ethernet
set [ find default-name=ether1 ] comment="A1" name=WAN1 \
    poe-out=off
set [ find default-name=ether2 ] comment="EASYTV" name=WAN2
set [ find default-name=ether3 ] comment=stefan
set [ find default-name=ether4 ] comment="3rd floor"
set [ find default-name=ether5 ] comment=stefan
/interface wifiwave2
set [ find default-name=wifi1 ] configuration.mode=ap .ssid=Mikrotik5 \
    disabled=no
set [ find default-name=wifi2 ] configuration.mode=ap .ssid=Mikrotik \
    disabled=no
/interface wireguard
add listen-port=53231 mtu=1420 name=wireguard1
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.100.101-192.168.100.250
/ip dhcp-server
add address-pool=dhcp interface=lan lease-time=1d name=dhcp1
/routing table
add fib name=to_WAN1
add fib name=to_WAN2
/interface bridge port
add bridge=lan interface=ether3
add bridge=lan interface=ether4
add bridge=lan interface=ether5
add bridge=lan interface=wifi1
add bridge=lan interface=wifi2
/interface list member
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add interface=lan list=LAN
/interface wireguard peers
add allowed-address=192.168.99.2/32 interface=wireguard1 public-key=\
    "H4APrAYA7deOVfm2fETQybTL0aOEY23eo9s3kHSBCiE="
/ip address
add address=192.168.1.20/24 interface=WAN1 network=192.168.1.0
add address=192.168.100.1/24 interface=lan network=192.168.100.0
add address=192.168.101.20/24 interface=WAN2 network=192.168.101.0
add address=192.168.99.1 interface=wireguard1 network=192.168.99.0
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.100.1 \
    netmask=24
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=192.168.1.0/24 \
    in-interface=lan
add action=accept chain=prerouting dst-address-list=192.168.101.0/24 \
    in-interface=lan
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=lan new-connection-mark=WAN1_conn \
    passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=lan new-connection-mark=WAN2_conn \
    passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=lan new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=lan new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 pref-src="" routing-table=to_WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.101.1 pref-src="" routing-table=to_WAN2 scope=30 \
    suppress-hw-offload=no target-scope=10
/system clock
set time-zone-name=Europe/Sofia
/system routerboard settings
set auto-upgrade=yes

# apr/06/2023 16:09:56 by RouterOS 7.8
# software id = MSE5-ZZKY
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HE708M3K3P1
/interface bridge
add name=lan
/interface ethernet
set [ find default-name=ether1 ] comment="A1 " name=WAN1 \
    poe-out=off
set [ find default-name=ether2 ] comment="EASYTV" name=WAN2
set [ find default-name=ether3 ] comment=stefan
set [ find default-name=ether4 ] comment="3rd floor"
set [ find default-name=ether5 ] comment=stefan
/interface wifiwave2
set [ find default-name=wifi1 ] configuration.mode=ap .ssid=Mikrotik5 \
    disabled=no
set [ find default-name=wifi2 ] configuration.mode=ap .ssid=Mikrotik \
    disabled=no
/interface wireguard
add listen-port=53231 mtu=1420 name=wireguard1
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.100.101-192.168.100.250
/ip dhcp-server
add address-pool=dhcp interface=lan lease-time=1d name=dhcp1
/routing table
add fib name=to_WAN1
add fib name=to_WAN2
/interface bridge port
add bridge=lan interface=ether3
add bridge=lan interface=ether4
add bridge=lan interface=ether5
add bridge=lan interface=wifi1
add bridge=lan interface=wifi2
/ipv6 settings
set max-neighbor-entries=15360
/interface list member
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add interface=lan list=LAN
add interface=wireguard1 list=LAN
/interface wireguard peers
add allowed-address=192.168.99.2/32 comment=a1 interface=wireguard1 \
    public-key="H4APrAYA7deOVfm2fETQybTL0aOEY23eo9s3kHSBCiE="
add allowed-address=192.168.99.3/32 comment=easytv interface=wireguard1 \
    public-key="iowZhns7OHIH8Di+lZ4zpJMzM8Ts+GExi9dOb8CCPGk="
add allowed-address=192.168.99.4/32 comment=phone interface=wireguard1 \
    public-key="RF/lwraS3xUzJUYA7De8PUFlMIDHxPH8OQat5LHTjVI="
/ip address
add address=192.168.1.20/24 interface=WAN1 network=192.168.1.0
add address=192.168.100.1/24 interface=lan network=192.168.100.0
add address=192.168.101.20/24 interface=WAN2 network=192.168.101.0
add address=192.168.99.1 interface=wireguard1 network=192.168.99.0
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.100.1 \
    netmask=24
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\
    d this subnet before enable it" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you \
    need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=\
    Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment=\
    "MC, Class D, IANA # Check if you need this subnet before enable it" \
    list=Bogons
/ip firewall filter
add action=accept chain=input comment="allow WireGuard traffic" src-address=\
    192.168.99.0
add action=accept chain=input comment="Wireguard Allow" dst-port=53231 \
    protocol=udp
add action=accept chain=forward comment="defconf: accept established,related" \
    connection-state=established,related
add action=accept chain=input in-interface=wireguard1
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
    Bogons
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
/ip firewall mangle
add action=accept chain=prerouting dst-address-list=192.168.1.0/24 \
    in-interface=lan
add action=accept chain=prerouting dst-address-list=192.168.101.0/24 \
    in-interface=lan
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=lan new-connection-mark=WAN1_conn \
    passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=lan new-connection-mark=WAN2_conn \
    passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=lan new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=lan new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
/ip route
add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 pref-src="" routing-table=to_WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=2 dst-address=0.0.0.0/0 gateway=\
    192.168.101.1 pref-src="" routing-table=to_WAN2 scope=30 \
    suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

# apr/07/2023 08:02:45 by RouterOS 7.8
# software id = MSE5-ZZKY
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HE708M3K3P1
/interface bridge
add name=BridgeLAN
/interface ethernet
set [ find default-name=ether1 ] comment="A1" name=WAN1 \
    poe-out=off
set [ find default-name=ether2 ] comment="EASYTV" name=WAN2
set [ find default-name=ether3 ] comment=stefan
set [ find default-name=ether4 ] comment="3rd floor"
set [ find default-name=ether5 ] comment=stefan
/interface wifiwave2
set [ find default-name=wifi1 ] configuration.mode=ap .ssid=Mikrotik5 \
    disabled=no
set [ find default-name=wifi2 ] configuration.mode=ap .ssid=Mikrotik \
    disabled=no
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.100.101-192.168.100.250
/ip dhcp-server
add address-pool=dhcp interface=BridgeLAN lease-time=1d name=dhcp1
/routing table
add fib name=to_WAN1
add fib name=to_WAN2
/interface bridge port
add bridge=BridgeLAN interface=ether3
add bridge=BridgeLAN interface=ether4
add bridge=BridgeLAN interface=ether5
add bridge=BridgeLAN interface=wifi1
add bridge=BridgeLAN interface=wifi2
/ipv6 settings
set max-neighbor-entries=15360
/interface list member
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add interface=BridgeLAN list=LAN
add interface=wireguard1 list=LAN
/interface wireguard peers
add allowed-address=192.168.99.2/32 comment=a1 interface=wireguard1 \
    public-key="H4APrAYA7deOVfm2fETQybTL0aOEY23eo9s3kHSBCiE="
add allowed-address=192.168.99.3/32 comment=easytv interface=wireguard1 \
    public-key="iowZhns7OHIH8Di+lZ4zpJMzM8Ts+GExi9dOb8CCPGk="
add allowed-address=192.168.99.4/32 comment=phone interface=wireguard1 \
    public-key="RF/lwraS3xUzJUYA7De8PUFlMIDHxPH8OQat5LHTjVI="
/ip address
add address=192.168.1.20/24 interface=WAN1 network=192.168.1.0
add address=192.168.100.1/24 interface=BridgeLAN network=192.168.100.0
add address=192.168.101.20/24 interface=WAN2 network=192.168.101.0
add address=192.168.99.1 interface=wireguard1 network=192.168.99.0
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.100.1 \
    netmask=24
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input in-interface-list=LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=forward comment="allow internet traffic" \
    in-interface-list=LAN out-interface-list=WAN
add action=accept chain=input comment="allow WireGuard" dst-port=13231 \
    protocol=udp
add action=accept chain=forward comment="allow port forwarding" \
    connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BridgeLAN new-connection-mark=\
    WAN1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BridgeLAN new-connection-mark=\
    WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=BridgeLAN new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=BridgeLAN new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=dst-nat chain=dstnat comment="RDP Stefan PC A1" dst-port=3389 \
    protocol=tcp to-addresses=192.168.100.249 to-ports=3389
/ip route
add check-gateway=ping disabled=no distance=10 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 pref-src="" routing-table=to_WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=\
    192.168.101.1 pref-src="" routing-table=to_WAN2 scope=30 \
    suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

# apr/08/2023 17:07:06 by RouterOS 7.8
# software id = MSE5-ZZKY
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HE708M3K3P1
/interface bridge
add name=BridgeLAN
/interface ethernet
set [ find default-name=ether1 ] comment="A1 IP 123.123.123.123" name=WAN1 \
    poe-out=off
set [ find default-name=ether2 ] comment="EASYTV IP 12.12.12.12" name=WAN2
set [ find default-name=ether3 ] comment=stefan
set [ find default-name=ether4 ] comment="3rd floor"
set [ find default-name=ether5 ] comment=stefan
/interface wifiwave2
set [ find default-name=wifi1 ] configuration.mode=ap .ssid=Mikrotik5 \
    disabled=no
set [ find default-name=wifi2 ] configuration.mode=ap .ssid=Mikrotik \
    disabled=no
/interface wireguard
add comment="WG Interface For A1/WAN1" listen-port=13231 mtu=1420 name=\
    wireguard1
add comment="WG Interface for EASYTV/WAN2" disabled=yes listen-port=13231 \
    mtu=1420 name=wireguard2
/interface list
add name=WAN
add name=LAN
/ip pool
add name=dhcp ranges=192.168.100.101-192.168.100.250
/ip dhcp-server
add address-pool=dhcp interface=BridgeLAN lease-time=1d name=dhcp1
/routing table
add fib name=to_WAN1
add fib name=to_WAN2
/interface bridge port
add bridge=BridgeLAN interface=ether3
add bridge=BridgeLAN interface=ether4
add bridge=BridgeLAN interface=ether5
add bridge=BridgeLAN interface=wifi1
add bridge=BridgeLAN interface=wifi2
/ipv6 settings
set max-neighbor-entries=15360
/interface list member
add interface=WAN1 list=WAN
add interface=WAN2 list=WAN
add interface=BridgeLAN list=LAN
add interface=wireguard1 list=LAN
add interface=wireguard2 list=LAN
/interface wireguard peers
add allowed-address=192.168.99.2/32 comment="PC WG WAN1" interface=wireguard1 \
    public-key="H4APrAYA7deOVfm2fETQybTL0aOEY23eo9s3kHSBCiE="
add allowed-address=192.168.98.2/32 comment="PC WG WAN2" disabled=yes \
    interface=wireguard2 public-key=\
    "iowZhns7OHIH8Di+lZ4zpJMzM8Ts+GExi9dOb8CCPGk="
add allowed-address=192.168.99.4/32 comment="Phone WG WAN1" interface=\
    wireguard1 public-key="RF/lwraS3xUzJUYA7De8PUFlMIDHxPH8OQat5LHTjVI="
add allowed-address=192.168.98.4/24 comment="Phone WG WAN2" disabled=yes \
    interface=wireguard2 public-key=\
    "NyjZt96W9I79h5cTct6rEpWk5nYhhgDp7DaQIu9Kw0A="
/ip address
add address=192.168.1.20/24 interface=WAN1 network=192.168.1.0
add address=192.168.100.1/24 interface=BridgeLAN network=192.168.100.0
add address=192.168.101.20/24 interface=WAN2 network=192.168.101.0
add address=192.168.99.1 interface=wireguard1 network=192.168.99.0
add address=192.168.98.0 disabled=yes interface=wireguard2 network=\
    192.168.98.0
/ip dhcp-server network
add address=192.168.100.0/24 dns-server=1.1.1.1,8.8.8.8 gateway=192.168.100.1 \
    netmask=24
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="allow WireGuard" dst-port=13231 \
    protocol=udp
add action=accept chain=input in-interface-list=LAN
add action=drop chain=input comment="drop all else"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=forward comment="allow internet traffic" \
    in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward dst-address=192.168.100.0/24 in-interface=\
    wireguard1
add action=accept chain=forward comment="allow port forwarding" \
    connection-nat-state=dstnat
add action=drop chain=forward comment="drop all else"
/ip firewall mangle
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN1 new-connection-mark=WAN1_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    in-interface=WAN2 new-connection-mark=WAN2_conn passthrough=yes
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BridgeLAN new-connection-mark=\
    WAN1_conn passthrough=yes per-connection-classifier=both-addresses:2/0
add action=mark-connection chain=prerouting connection-mark=no-mark \
    dst-address-type=!local in-interface=BridgeLAN new-connection-mark=\
    WAN2_conn passthrough=yes per-connection-classifier=both-addresses:2/1
add action=mark-routing chain=prerouting connection-mark=WAN1_conn \
    in-interface=BridgeLAN new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn \
    in-interface=BridgeLAN new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN1_conn \
    new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=output connection-mark=WAN2_conn \
    new-routing-mark=to_WAN2 passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN1
add action=masquerade chain=srcnat out-interface=WAN2
add action=dst-nat chain=dstnat comment="Mario ASUS RDP A1" dst-port=2323 \
    in-interface=WAN1 protocol=tcp to-addresses=192.168.100.236 to-ports=3389
add action=dst-nat chain=dstnat comment="Mario ASUS RDP EASYTV" dst-port=2323 \
    in-interface=WAN2 protocol=tcp to-addresses=192.168.100.236 to-ports=3389
add action=dst-nat chain=dstnat comment="StefanPC RDP EASYTV" in-interface=\
    WAN2 protocol=tcp to-addresses=192.168.100.249 to-ports=3389
add action=dst-nat chain=dstnat comment="StefanPC RDP A1" in-interface=WAN1 \
    protocol=tcp to-addresses=192.168.100.249 to-ports=3389
/ip route
add check-gateway=ping disabled=no distance=5 dst-address=0.0.0.0/0 gateway=\
    192.168.1.1 pref-src="" routing-table=to_WAN1 scope=30 \
    suppress-hw-offload=no target-scope=10
add disabled=no distance=10 dst-address=0.0.0.0/0 gateway=192.168.101.1 \
    pref-src="" routing-table=to_WAN2 scope=30 suppress-hw-offload=no \
    target-scope=10
add comment="TEST wireguard route! " disabled=yes distance=1 dst-address=\
    192.168.99.0/24 gateway=192.168.1.1 pref-src="" routing-table=main scope=\
    30 suppress-hw-offload=no target-scope=10
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Sofia

/routing rule add action=lookup-only-in-table src-address=IP-of-WAN-2 table=To-WAN2 { ensures if both WANs are up, that a handshake on WG2 will go back out WAN2 }