Firewall Rule to allow device without port knocking?

I have a firewall setup with port knocking but would like to be able to allow specific devices to connect without doing a port knock. I was hopping to do a firewall rule based on src mac but everone gets the same src mac address so that wont work!


Any advice on if this is possible? I assume everyone is getting the same src mac from a downstream router at my isp?

Thanks!

MAC addresses are NOT sent from users on the internet to your router, as you have found out.

You could use IP addresses, if the devices on the Internet has a STATIC IP address… or a RANGE of IP addresses.

Other than IP address and port knocking, there is nothing to initially identify a device out there on the internet.