Hello all,
I’ve noticed that tons of people were trying to get in my home network through “brute force” via ssh. I changed the ssh port to something else and now I get much less brutes.
To add more security to my home network, I am wondering if anybody knows how to set up a mac address white list filter for ssh, telnet, and web portal??? Basically, I am trying to have a config where I have a small list of devices that are only capable of getting into my home network.
Keep in mind that I am totally new to the world of microtiks. I can work with it if guided correctly though 
. Also, if you have other ideas to ensure security, then I am all ears.
Thank you in advanced. 
MAC filtering won’t work when the brute force is coming from the internet. So IP filtering is an option. Go to IP then choose Services and then you put in the TAB “available from” the IP or IP’s or IP ranges that should have access.
Secondly you can put in the IP Firewall RAW an drop filter on not services (ports) that you offer to the internet. So your ports as destination.
/ip firewall raw
add action=drop chain=prerouting comment="Pre-filter TCP" dst-port=!25,80,443 in-interface=pppoe-out log-prefix=\
"New drop" protocol=tcp tcp-flags=syn,!fin,!rst,!psh,!ack,!urg,!ece,!cwr
So I offer SMTP, HTTP and HTTPS and the tcp flags bit is saying new connection.
If your want only your SSH should be available then you change the dst-port=!25,80,443 in dst-port=!22