# dec/27/2022 21:14:00 by RouterOS 6.49.7
# software id = HHVU-7R5F
#
# model = RBcAPGi-5acD2nD
# serial number = xxxxxxxxxx
/interface bridge
add admin-mac=2C:C8:1B:1A:65:6F auto-mac=no comment=defconf name=bridge
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk eap-methods="" mode=dynamic-keys name=polve supplicant-identity=""
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-XX disabled=no distance=indoors frequency=2452 installation=indoor \
mode=ap-bridge name=WIFI2.4 security-profile=polve ssid=BlackNet station-roaming=enabled wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX disabled=no distance=indoors frequency=5220 installation=\
indoor mode=ap-bridge name=WIFI5 security-profile=polve ssid=BlackNet station-roaming=enabled wireless-protocol=802.11
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/user group
set full policy=local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=WIFI2.4
add bridge=bridge comment=defconf interface=WIFI5
add bridge=bridge interface=ether1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=LAN
add interface=WIFI5 list=LAN
add interface=WIFI2.4 list=LAN
/ip address
add address=192.168.0.9/24 comment=defconf disabled=yes interface=ether2 network=192.168.0.0
/ip dhcp-client
add disabled=no interface=bridge
/ip dhcp-server network
add address=0.0.0.0/24 comment=defconf gateway=0.0.0.0 netmask=24
/ip dns
set allow-remote-requests=yes servers=192.168.0.5
/ip dns static
add address=192.168.0.9 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new \
in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" disabled=yes ipsec-policy=out,none out-interface-list=WAN
/ip route
add disabled=yes distance=1 gateway=192.168.0.4
/ip service
set winbox address=192.168.0.191/32
/system clock
set time-zone-name=Europe/Rome
/system routerboard mode-button
set enabled=yes on-event=dark-mode
/system script
add comment=defconf dont-require-permissions=no name=dark-mode owner=*sys policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n :if ([system leds settings get all-leds-off] = \"never\") do={\r\
\n /system leds settings set all-leds-off=immediate \r\
\n } else={\r\
\n /system leds settings set all-leds-off=never \r\
\n }\r\
\n "
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN