ccollicutt/default Mikrotik configuration script

## default Mikrotik configuration script
#| WAN (gateway) Configuration:
#|  gateway:        ether1  (renamed with extension '-gateway');
#|  firewall:       enabled;
#|  NAT:            enabled;
#|  DHCP Client:    enabled;
#|
#| LAN Configuration:
#|  LAN Port:       bridge-local;
#|  switch group:   ether6 (master), ether7, ether8, ether9, ether10
#|          (renamed with extensions '-master-local' and '-slave-local')
#|  LAN IP:         192.168.88.1;
#|  DHCP Server:    enabled;

:global action "apply;
:local dhcpEnabled 0;
:local wirelessEnabled 0;

#check for wireless and dhcp packages
:if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
:set dhcpEnabled 1;
}
:if ([:len [/system package find name="wireless" !disabled]] != 0) do={
:set wirelessEnabled 1;
}

#-------------------------------------------------------------------------------
# Apply configuration.
# these commands are executed after installation or configuration reset
#-------------------------------------------------------------------------------
:if ($action = "apply") do={
# wait for interfaces
:while ([/interface ethernet find] = "") do={ :delay 1s; };

    /interface set ether1 name="ether1-gateway";
    :if ( $dhcpEnabled = 1) do={
            /ip dhcp-client add interface=ether1-gateway disabled=no comment="default configuration";
    }

    /interface {
            set ether6 name=ether6-master-local;
            set ether7 name=ether7-slave-local;
            set ether8 name=ether8-slave-local;
            set ether9 name=ether9-slave-local;
            set ether10 name=ether10-slave-local;
    }
    /interface ethernet {
            set ether7-slave-local master-port=ether6-master-local;
            set ether8-slave-local master-port=ether6-master-local;
            set ether9-slave-local master-port=ether6-master-local;
            set ether10-slave-local master-port=ether6-master-local;
    }

    /interface bridge
            add name=bridge-local disabled=no auto-mac=no protocol-mode=rstp;
    :local bMACIsSet 0;
    :foreach k in=[/interface find] do={
            :local tmpPortName [/interface get $k name];
            :if (!($tmpPortName~"bridge"  || $tmpPortName~"ether1"|| $tmpPortName~"slave")) do={
                    :if ($bMACIsSet = 0) do={
                            :if ([/interface get $k type] = "ether") do={
                                    /interface bridge set "bridge-local" admin-mac=[/interface ethernet get $tmpPortName mac-address];
                                    :set bMACIsSet 1;
                            }
                    }
                    /interface bridge port
                            add bridge=bridge-local interface=$tmpPortName;
            }
    }
    /ip address add address=192.168.88.1/24 interface=bridge-local comment="default configuration";
    :if ($dhcpEnabled = 1) do={
            /ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
            /ip dhcp-server
                    add name=default address-pool="default-dhcp" interface=bridge-local disabled=no;
            /ip dhcp-server network
                    add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
    }
    /ip firewall nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"
    /ip firewall {
            filter add chain=input action=accept protocol=icmp comment="default configuration"
            filter add chain=input action=accept connection-state=established comment="default configuration"
            filter add chain=input action=accept connection-state=related comment="default configuration"
            filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
              filter add chain=forward action=accept connection-state=established comment="default configuration"
              filter add chain=forward action=accept connection-state=related comment="default configuration"
              filter add chain=forward action=drop connection-state=invalid comment="default configuration"
    }
    /tool mac-server disable [find];
    /tool mac-server mac-winbox disable [find];
    :foreach k in=[/interface find] do={
            :local tmpName [/interface get $k name];
            :if (!($tmpName~"ether1")) do={
                    /tool mac-server add interface=$tmpName disabled=no;
                    /tool mac-server mac-winbox add interface=$tmpName disabled=no;
            }
    }
    /ip neighbor discovery set [find name="ether1-gateway"] discover=no
    /ip dns {
            set allow-remote-requests=yes
            static add name=router address=192.168.88.1
    }

}
	#\| WAN (gateway) Configuration:
	#\| gateway: ether1 (renamed with extension '-gateway');
	#\| firewall: enabled;
	#\| NAT: enabled;
	#\| DHCP Client: enabled;
	#\|
	#\| LAN Configuration:
	#\| LAN Port: bridge-local;
	#\| switch group: ether6 (master), ether7, ether8, ether9, ether10
	#\| (renamed with extensions '-master-local' and '-slave-local')
	#\| LAN IP: 192.168.88.1;
	#\| DHCP Server: enabled;

	:global action "apply;
	:local dhcpEnabled 0;
	:local wirelessEnabled 0;

	#check for wireless and dhcp packages
	:if ([:len [/system package find name="dhcp" !disabled]] != 0) do={
	:set dhcpEnabled 1;
	}
	:if ([:len [/system package find name="wireless" !disabled]] != 0) do={
	:set wirelessEnabled 1;
	}

	#-------------------------------------------------------------------------------
	# Apply configuration.
	# these commands are executed after installation or configuration reset
	#-------------------------------------------------------------------------------
	:if ($action = "apply") do={
	# wait for interfaces
	:while ([/interface ethernet find] = "") do={ :delay 1s; };

	/interface set ether1 name="ether1-gateway";
	:if ( $dhcpEnabled = 1) do={
	/ip dhcp-client add interface=ether1-gateway disabled=no comment="default configuration";
	}

	/interface {
	set ether6 name=ether6-master-local;
	set ether7 name=ether7-slave-local;
	set ether8 name=ether8-slave-local;
	set ether9 name=ether9-slave-local;
	set ether10 name=ether10-slave-local;
	}
	/interface ethernet {
	set ether7-slave-local master-port=ether6-master-local;
	set ether8-slave-local master-port=ether6-master-local;
	set ether9-slave-local master-port=ether6-master-local;
	set ether10-slave-local master-port=ether6-master-local;
	}

	/interface bridge
	add name=bridge-local disabled=no auto-mac=no protocol-mode=rstp;
	:local bMACIsSet 0;
	:foreach k in=[/interface find] do={
	:local tmpPortName [/interface get $k name];
	:if (!($tmpPortName~"bridge" \|\| $tmpPortName~"ether1"\|\| $tmpPortName~"slave")) do={
	:if ($bMACIsSet = 0) do={
	:if ([/interface get $k type] = "ether") do={
	/interface bridge set "bridge-local" admin-mac=[/interface ethernet get $tmpPortName mac-address];
	:set bMACIsSet 1;
	}
	}
	/interface bridge port
	add bridge=bridge-local interface=$tmpPortName;
	}
	}
	/ip address add address=192.168.88.1/24 interface=bridge-local comment="default configuration";
	:if ($dhcpEnabled = 1) do={
	/ip pool add name="default-dhcp" ranges=192.168.88.10-192.168.88.254;
	/ip dhcp-server
	add name=default address-pool="default-dhcp" interface=bridge-local disabled=no;
	/ip dhcp-server network
	add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1 comment="default configuration";
	}
	/ip firewall nat add chain=srcnat out-interface=ether1-gateway action=masquerade comment="default configuration"
	/ip firewall {
	filter add chain=input action=accept protocol=icmp comment="default configuration"
	filter add chain=input action=accept connection-state=established comment="default configuration"
	filter add chain=input action=accept connection-state=related comment="default configuration"
	filter add chain=input action=drop in-interface=ether1-gateway comment="default configuration"
	filter add chain=forward action=accept connection-state=established comment="default configuration"
	filter add chain=forward action=accept connection-state=related comment="default configuration"
	filter add chain=forward action=drop connection-state=invalid comment="default configuration"
	}
	/tool mac-server disable [find];
	/tool mac-server mac-winbox disable [find];
	:foreach k in=[/interface find] do={
	:local tmpName [/interface get $k name];
	:if (!($tmpName~"ether1")) do={
	/tool mac-server add interface=$tmpName disabled=no;
	/tool mac-server mac-winbox add interface=$tmpName disabled=no;
	}
	}
	/ip neighbor discovery set [find name="ether1-gateway"] discover=no
	/ip dns {
	set allow-remote-requests=yes
	static add name=router address=192.168.88.1
	}

	}