Enki2025
just joined
Topic Author
Posts: 1
Joined: Sun Apr 30, 2023 6:52 pm

Can't ping veth1, trying to add pihole to a container.

Sat Mar 23, 2024 10:50 pm

Hi
I am trying to install pihole on my mikrotik hap ac^2
I am not able to ping veth1 from the terminal.
When I try to import a container from urlremoved I get an error.
Can someone tell me what is wrong with my configuration?

Here is my entire configuration on my hap ac^2
[admin@Jaobs] > export
# 2024-03-23 16:34:16 by RouterOS 7.14.1
# software id = VPA9-PDGU
#
# model = RBD52G-5HacD2HnD
# serial number = HFF092NN7DG
#
# Router configuration export: the defconf LAN bridge (192.168.77.0/24) plus a
# second bridge, bridge-pihole (10.10.7.0/24), that carries the veth of a
# Pi-hole container.
# NOTE(review): the software id and serial number above identify this specific
# device; redact them before sharing an export publicly.
/interface bridge
# 'bridge' is the defconf LAN bridge; 'bridge-pihole' is a separate segment that
# only gets veth1 as a port (see /interface bridge port).
add admin-mac=78:9A:18:D2:37:6A auto-mac=no comment=defconf name=bridge port-cost-mode=short
add name=bridge-pihole
/interface wireless
# Both radios run as access points with the same SSID and are ports of the LAN bridge.
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX country="united states3" disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=Jacobpihole \
wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=auto installation=indoor mode=ap-bridge ssid=Jacobpihole wireless-protocol=802.11
/interface veth
# Container-side interface: 10.10.7.2/24, using the router's bridge-pihole
# address (10.10.7.1) as its gateway.
add address=10.10.7.2/24 gateway=10.10.7.1 gateway6=:: name=veth1
/container mounts
# Directories on usb1 mapped to the container's dnsmasq and Pi-hole config paths.
add dst=/etc/dnsmasq.d name=dnsmasq_pihole src=/usb1/etc-dnsmasq.d
add dst=/etc/pihole name=etc_pihole src=/usb1/etc
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface lte apn
set [ find default=yes ] ip-type=ipv4 use-network-apn=no
/interface wireless security-profiles
# The default profile accepts both wpa-psk (legacy WPA) and wpa2-psk.
# NOTE(review): no pre-shared key appears in this export - presumably hidden as
# a sensitive value; confirm one is set, and drop wpa-psk if every client
# supports WPA2.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip pool
add name=dhcp ranges=192.168.77.10-192.168.77.254
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/container
# Container entry attached to veth1. As exported it carries no envlist= or
# mounts= setting, so the pihole_envs list and the two mounts defined in this
# export are not referenced by this entry.
add interface=veth1 root-dir=usb1/pihole
/container config
# registry-url was redacted by the poster.
set registry-url=url-removed tmpdir=usb1/pull username=root
/container envs
# Environment list 'pihole_envs'.
# NOTE(review): WEBPASSWORD is stored and exported in cleartext, and this export
# was posted publicly; treat the value as disclosed and change it if it is the
# real Pi-hole admin password.
# NOTE(review): DNSMASQ_USER=root asks the image to run its DNS daemon as root
# inside the container; confirm that is required for this setup.
add key=TZ name=pihole_envs value=America/Toronto
add key=WEBPASSWORD name=pihole_envs value=mysecurepassword
add key=DNSMASQ_USER name=pihole_envs value=root
/interface bridge port
add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan1 internal-path-cost=10 path-cost=10
add bridge=bridge comment=defconf ingress-filtering=no interface=wlan2 internal-path-cost=10 path-cost=10
# veth1 is a port of bridge-pihole, so interface-based matches (firewall rules,
# interface lists) have to name bridge-pihole rather than veth1.
add bridge=bridge-pihole interface=veth1
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set max-neighbor-entries=8192
/ipv6 settings
set disable-ipv6=yes max-neighbor-entries=8192
/interface list member
# Only 'bridge' is in LAN and only ether1 is in WAN; bridge-pihole belongs to
# neither list. Adding it to LAN would also extend to the container network
# everything else this export scopes to LAN: router input access, neighbor
# discovery, mac-server and mac-winbox.
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface ovpn-server server
# Only the accepted digests are listed here, and both (sha1, md5) are legacy.
# NOTE(review): the export shows no enabled=yes, so the OVPN server is
# presumably off - confirm; tighten auth before ever enabling it.
set auth=sha1,md5
/ip address
add address=192.168.77.1/24 comment=defconf interface=bridge network=192.168.77.0
# Router-side address of the container segment; this is veth1's gateway.
add address=10.10.7.1/24 interface=bridge-pihole network=10.10.7.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
# LAN clients are handed 10.10.7.2 (the container) as their only DNS server, so
# LAN name resolution depends on the container being up and reachable.
add address=192.168.77.0/24 comment=defconf dns-server=10.10.7.2 gateway=192.168.77.1 netmask=24
/ip dns
# The router itself answers DNS queries; the only thing keeping WAN clients
# away from it is the input-chain drop for non-LAN interfaces below.
set allow-remote-requests=yes
/ip dns static
add address=192.168.77.1 comment=defconf name=router.lan
/ip firewall filter
# NOTE(review): this accept has no in-interface or src-address match and sits
# above the "!LAN" drop, so TCP 8291 (the default Winbox port) is accepted from
# every interface, WAN (ether1) included, unless /ip service restricts it, which
# this export does not show. Scope it to LAN or a source address list, or remove
# it: LAN traffic is not dropped by the input chain below, so it reaches the
# router without this rule.
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
# bridge-pihole is not a LAN member, so new connections from 10.10.7.0/24 to the
# router itself (other than ICMP and TCP 8291, accepted above) are dropped here.
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
# Forward chain: the only drop for new connections is the WAN one at the end,
# so traffic between 'bridge' and 'bridge-pihole' is forwarded in both
# directions - the container can open connections to LAN hosts.
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
# No out-interface match: connections opened by the container are masqueraded
# on every egress, including toward the LAN bridge, where they then appear to
# come from the router. Add out-interface-list=WAN if only internet egress
# needs NAT.
add action=masquerade chain=srcnat src-address=10.10.7.0/24
/routing bfd configuration
# NOTE(review): BFD is set for all interfaces although no routing protocol
# appears in this export; confirm this entry is intended.
add disabled=no interfaces=all min-rx=200ms min-tx=200ms multiplier=5
/system clock
set time-zone-name=America/Toronto
/system identity
set name=Jaobs
/system note
set show-at-login=no
/system routerboard settings
set cpu-frequency=716MHz
/tool mac-server
# MAC Telnet and MAC Winbox are limited to interfaces in the LAN list.
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
[admin@Jaobs] >
 
Amm0
Forum Guru
Posts: 3506
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Can't ping veth1, trying to add pihole to a container.

Sun Mar 24, 2024 11:58 pm

It's blocked by firewall. Specifically the default !LAN input drop rule:
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
since bridge-pihole is not a member of the LAN /interface/list

There are several ways to allow it, but the easiest is to add the bridge to the LAN interface list:
/interface list member add interface=bridge-pihole list=LAN
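Note that it uses the 2nd bridge, not VETH1 specifically: once VETH1 is a bridge port, the bridge containing the port becomes the interface for Layer3/IP routing. Keep in mind that LAN membership also gives the container network everything else this configuration scopes to LAN (input access to the router, neighbor discovery, MAC server/MAC-Winbox), so an input accept rule limited to bridge-pihole and the ports the container needs is the narrower option.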
