My take:
Depends on the size of your list.
Firewall raw rule, prerouting, and then 1 rule per src MAC address with action log.
Not sure you can use a list for MAC addresses … but this creation process can be made a bit easier with some smart scripting.
Isn’t it more logical to simply log all connections from WAN (should be done anyhow for monitoring, I think?) and then only filter out those MAC addresses you specifically need for your purpose?
Oh, well. So it is not possible?
Pity.
Actually, maybe I made the question too general.
The situation is as follows:
I have a Dahua NVR, and when someone connects to it, I need to log its MAC address, and if the MAC is not in a specific list, deny access.
(if this gives better options)
MAC addresses are only relevant within an Ethernet / layer-2 network; once the IP packet enters a router and is forwarded elsewhere, the originating MAC address is no longer known.
Within any individual router the MAC-to-IP mappings are known for the locally-attached Ethernet networks. If you wish to control access to your NVR from devices on a local network you can use MAC source addresses, but not for remote devices, as the information is just not available.
Using MAC addresses for authorisation is generally a bad idea - they are easily spoofed, allowing others to impersonate a ‘trusted’ device, and more recently Android & iOS have introduced random fake MAC addresses when you connect to a WiFi network to prevent your MAC address from being tracked.
The correct way of setting up limited remote access would be to create a VPN server on your MikroTik, and provide credentials and/or certificates to remote users.
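The one-rule-per-MAC scripting suggested earlier in the thread, as an added example that is not part of any post above: a Python generator that emits RouterOS filter rules which log and accept listed source MACs and log and drop everything else bound for the NVR, warning about locally administered (possibly randomized) MACs. The NVR address, the sample MACs, the log prefixes and the use of the `forward` filter chain (clients on a LAN directly attached to the MikroTik, routed to the NVR) are assumptions.

```python
import ipaddress
import re

# Accept AA:BB:CC:DD:EE:FF, AA-BB-CC-DD-EE-FF or AABBCCDDEEFF (one separator style only).
_MAC_RE = re.compile(
    r"^(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}|[0-9a-f]{12})$", re.I)

def normalize_mac(raw):
    """Return the MAC as AA:BB:CC:DD:EE:FF or raise ValueError."""
    s = raw.strip()
    if not _MAC_RE.match(s):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = re.sub(r"[:-]", "", s).upper()
    if int(digits[:2], 16) & 0x01:
        # Group (multicast/broadcast) addresses are never a valid source MAC.
        raise ValueError(f"group address cannot be a source MAC: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_rules(nvr_ip, macs):
    """Return (rules, warnings): RouterOS commands guarding traffic to nvr_ip."""
    ipaddress.ip_address(nvr_ip)  # raises ValueError on a malformed address
    seen, rules, warnings = set(), [], []
    for raw in macs:
        mac = normalize_mac(raw)
        if mac in seen:
            continue  # same device written in another notation
        seen.add(mac)
        if int(mac[:2], 16) & 0x02:
            warnings.append(f"{mac} is locally administered (possibly randomized)")
        rules.append(
            f"/ip firewall filter add chain=forward dst-address={nvr_ip} "
            f'src-mac-address={mac} action=accept log=yes log-prefix="nvr-allow"')
    # Catch-all goes last: anything else addressed to the NVR is logged and dropped.
    rules.append(
        f"/ip firewall filter add chain=forward dst-address={nvr_ip} "
        f'action=drop log=yes log-prefix="nvr-deny"')
    return rules, warnings

# Constructed sample input: documentation IP and made-up MAC addresses.
SAMPLE_NVR = "192.0.2.10"
SAMPLE_MACS = ["00:11:22:33:44:55", "00-11-22-33-44-55", "a2b3c4d5e6f7"]

if __name__ == "__main__":
    rules, warnings = build_rules(SAMPLE_NVR, SAMPLE_MACS)
    print("\n".join(rules))
    for w in warnings:
        print("# warning:", w)
```

Rule order matters when the output is pasted into the router: the accept rules must sit above the final drop rule in the chain.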