@welbymcroberts
Created September 5, 2013 15:50
Mikrotik basic config
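# Basic MikroTik RouterOS configuration: a LAN bridge (wired ports + wlan1),
# DHCP and DNS for 192.168.0.0/24, a PPPoE WAN client on ether1, and a
# firewall that filters whatever arrives over the PPPoE link.
# Secrets in this file (Wi-Fi key, PPPoE password) are stored in plaintext and
# look like sample values; replace them before use and keep exports private.

/interface bridge
add l2mtu=1598 name=LAN

# Items are referenced by print-order number, so which physical ports these are
# depends on the device (presumably ether3-ether5 -- confirm with
# "/interface ethernet print"). master-port groups them with ether2;
# NOTE(review): newer RouterOS releases replaced master-port with bridge
# hardware offload, so this section may need adapting.
/interface ethernet
set 2 master-port=ether2
set 3 master-port=ether2
set 4 master-port=ether2

# WPA2-PSK only. The pre-shared key below is the SSID repeated, i.e. trivially
# guessable: use a long random passphrase on a real network.
/interface wireless security-profiles
add authentication-types=wpa2-psk eap-methods=passthrough management-protection=allowed mode=dynamic-keys name=149 supplicant-identity="" wpa2-pre-shared-key=149149149149
/interface wireless
set 0 band=2ghz-b/g/n channel-width=20/40mhz-ht-above frequency=2427 security-profile=149 ssid=149

/ip pool
add name=dhcp_pool1 ranges=192.168.0.100-192.168.0.200
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=LAN name=dhcp1

# incoming-filter names the firewall chain applied to packets received over the
# PPP link; RouterOS hooks it in through the "ppp" chain, which is why input and
# forward jump to "ppp" further down.
# The properties were split over two lines in the original (lost continuation);
# they belong to this single "add".
/ppp profile
add change-tcp-mss=yes incoming-filter=BTPPPOE_IN name=BTPPPOE only-one=yes use-ipv6=no

# password=password is a placeholder; the real credential ends up in plaintext
# in any export of this configuration.
/interface pppoe-client
add add-default-route=yes disabled=no interface=ether1 name=BTPPPoE password=password profile=BTPPPOE user=bthomehub@btbroadband.com

/interface bridge port
add bridge=LAN interface=ether2
add bridge=LAN interface=wlan1
/ip address
add address=192.168.0.1/24 interface=LAN
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.1 gateway=192.168.0.1

# allow-remote-requests=yes makes the router answer DNS queries itself, on every
# interface. Nothing in this section restricts it to the LAN: the only thing
# keeping it from acting as an open resolver is the WAN filtering below, so
# verify from outside that port 53 is not reachable.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4

# Filter layout:
#   input / forward -> ppp -> BTPPPOE_IN -> input_common, then DROP_AND_LOG.
# input and forward contain no rule other than the jump to "ppp", so traffic
# that is not matched there falls through to the chains' default accept.
# All WAN protection therefore depends on the PPP profile hook being active
# (profile name and incoming-filter name must match exactly); an explicit
# drop on in-interface=BTPPPoE at the end of input/forward would be a backstop.
# BTPPPOE_IN sees both router-bound and forwarded packets, so the
# established/related accepts in input_common also admit return traffic for
# LAN clients.
/ip firewall filter
add action=jump chain=input jump-target=ppp
add action=jump chain=forward jump-target=ppp
add action=jump chain=BTPPPOE_IN comment="Jump to Common Input rules" jump-target=input_common
add action=drop chain=BTPPPOE_IN comment="Drop the BT Vision stuff" dst-address=224.0.0.0/24 protocol=igmp
# Accepts new inbound SSH from any source address to the bastion (pairs with the
# dst-nat rule below). 10.255.102.3 is outside the 192.168.0.0/24 LAN defined
# here and no route to it appears in this file -- confirm it is reachable.
# Internet-facing SSH: consider a src-address restriction and key-only auth.
add chain=BTPPPOE_IN comment="SSH to Bastion (NAT)" connection-state=new dst-address=10.255.102.3 dst-port=22 protocol=tcp
add action=jump chain=BTPPPOE_IN comment="Jump to Drop_and_log" jump-target=DROP_AND_LOG
add chain=input_common comment="Accept established connections" connection-state=established
add chain=input_common comment="Accept related connections" connection-state=related
# Invalid-state packets are logged with prefix INVALID, then dropped.
add action=log chain=input_common comment="Drop invalid connections" connection-state=invalid log-prefix=INVALID
add action=drop chain=input_common comment="Drop invalid connections" connection-state=invalid
# ICMP echo request (type 8): the first rule accepts within the 1-per-minute
# limit, the second drops every echo request beyond it.
add chain=input_common comment="SHHENNNDDD ONE PING ONLY" icmp-options=8 limit=1/1m,0 protocol=icmp
add action=drop chain=input_common comment="SHHENNNDDD ONE PING ONLY" icmp-options=8 protocol=icmp
# The log rule has no rate limit, so background internet scanning will fill the
# log; watch log size or add a limit if that becomes a problem.
add action=log chain=DROP_AND_LOG comment="Log everything else"
add action=drop chain=DROP_AND_LOG comment="Drop everything else"

# NAT: masquerade everything leaving via the PPPoE interface, and forward
# inbound TCP/22 on that interface to the bastion. No to-ports is given, so the
# destination port is presumably left at 22 -- confirm.
/ip firewall nat
add action=jump chain=srcnat comment="Jumpt to SourceNats" jump-target=SourceNats
add action=masquerade chain=SourceNats comment="Masquerade everything leaving on the BTPPPoE Interface" out-interface=BTPPPoE
add action=jump chain=dstnat comment="Jumpt to Portforwards" jump-target=PortForwards
add action=dst-nat chain=PortForwards comment="SSHd on BTPPPoE to Bastion" dst-port=22 in-interface=BTPPPoE protocol=tcp to-addresses=10.255.102.3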