PORT1 connect to LAN device 192.168.1.1
PORT2 connect to LAN device 192.168.1.2 with MAC xx:xx:xx:xx:xx:xx and further client devices 192.168.1.3-1.254
PORT3 connect to LAN 192.168.2.x
All Clients on PORT2 192.168.1.2-192.168.1.254 should be able to access PORT1
Client 192.168.1.2 on PORT2 should be able to access PORT3 based on IP and MAC filtering (for example allow access to 192.168.2.20), all other clients on PORT2 should not be able to access PORT3
How can this be implemented with Mikrotik RB260GS?
What you describe cannot be achieved using RB260GS. Your device is a switch, not a router. And while it has some limited (up to 16 simple rules) MAC/IP-based filtering support, it is not suitable for bridging two different IP networks (192.168.1.x and 192.168.2.x in your case).
It should be possible for a small number of hosts (there’s a limit on the max. number of entries (rules) in the ACL).
I suggest you look through the documentation first, then ask specific questions here, if any.
You cannot really use placeholders, but you can specify IP/mask pair to refer to subnets instead of individual hosts. For instance, 192.168.1.128/25 will give you the 192.168.1.128-192.168.1.255 range, however the range that you gave as an example (192.168.1.2-192.168.1.254) cannot be represented this way.