block from mac address

hi people!

I need to block from the router (MikroTik, of course) a certain device from the DHCP server, and I have to use the MAC address…

Is it possible to create a “MAC ADDRESS LIST BLACK LIST” (or something similar) and create just one: chain=forward----“BLACK-LIST”—Action=Drop

What I do now is make that MAC address static and create a specific rule for that address (IP, not MAC ADDRESS). Example: chain=forward-----dest-ipaddress=“IP ADDRESS”----action=drop

But I need to create a rule with the MAC address, not the IP (I should not bypass the DHCP server).

THX anyone!

As far as I know there is no mac version of an address list. You could also do the opposite… e.g. static ARP and allow only certain devices.

Sorry, I didn’t explain so well…

I have a simple DHCP server, for example:

MikroTik router has 192.168.1.1

DHCP server from 192.168.1.10 to 192.168.1.30

OK.

Now, for example, I have 5 hosts connected to the DHCP server. For example:

PC1 - IP released 192.168.1.10 and Mac address: 00:00:00:00:00:01 (EXAMPLE!)
PC2 - IP released 192.168.1.11 and Mac address: 00:00:00:00:0A:01
PC3 - IP released 192.168.1.12 and Mac address: 00:00:00:00:01:01
PC4 - IP released 192.168.1.13 and Mac address: 00:00:00:0A:0A:01
PC5 - IP released 192.168.1.14 and Mac address: 00:00:00:0A:00:01

Now, I need a rule to block, for example, PC4 and PC5, but only by their MAC address, not by IP…

How can I do it? :smiley:

OK, I solved it in the best way (the complete one).

FIRST:

MANGLE RULES:
Chain=Forward Src-MacAddress=00:00:00:AA:BB:CC action=Mark packet → “PACK”

AND

Chain=Forward Packet Mark=“PACK” action=Mark Connection → “CONN”

LAST:

FIREWALL RULE:
Chain=Forward Mark connection=“CONN” Action=Drop


N.B. For any new MAC address, I have to repeat only the first row with the new MAC address…


It works brilliantly, but I’d like to know if it is possible to create, in MikroTik, an address list of IP ADDRESS and/or MAC ADDRESS.

:slight_smile:
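
The three rules from the last post, written as a RouterOS script that loops over a list of MAC addresses (an added example, not part of the thread). The MAC values are the sample ones for PC4 and PC5 from the posts above; the `mac-blacklist` comments and the `blocked` variable name are assumptions made for this example.

```routeros
# Added example: MAC "blacklist" built from the mangle + filter rules in the thread.
# Sample MACs (PC4 and PC5 from the posts above); replace with real ones.
:local blocked {"00:00:00:0A:0A:01";"00:00:00:0A:00:01"}

# One packet-mark rule per blocked MAC. This is the only rule repeated per device.
:foreach mac in=$blocked do={
    /ip firewall mangle add chain=forward src-mac-address=$mac \
        action=mark-packet new-packet-mark=PACK passthrough=yes \
        comment="mac-blacklist $mac"
}

# Shared rule: turn the packet mark into a connection mark,
# so replies on the same connection carry the mark as well.
/ip firewall mangle add chain=forward packet-mark=PACK \
    action=mark-connection new-connection-mark=CONN passthrough=yes \
    comment="mac-blacklist conn"

# Shared rule: drop everything that belongs to a marked connection.
/ip firewall filter add chain=forward connection-mark=CONN action=drop \
    comment="mac-blacklist drop"
```

Rule order matters: a per-MAC rule added later has to sit above the mark-connection rule (for example with `place-before`), and the drop rule has to sit above any forward-chain rule that would accept the traffic first.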