Hello,

This is my /ip firewall filter print:
When the last drop rule is enabled, none of my allowed devices have internet access, but as soon as I disable the drop rule, everything works fine.

I'm going to allow only some specific mac addresses to allow but I was unable to do so.

I connect to my Mikrotik via Wi-Fi network.

I googled but wasn't able to find docs or helps I'm going to reach.

How can I filter and allow only some specific mac addresses to connect or even have internet access through my Mikrotik wireless network?

Why do you want to use firewall rules, they are for layer3 traffic. if you need something else, I believe you may have success under bridge filters???

Why do you want to use firewall rules, they are for layer3 traffic. if you need something else, I believe you may have success under bridge filters???

Thanks, but I have nothing in Bridge section.
I just added the same rules in bridge filters, and finally added a drop forward chain, but it didn't work.

I didn't know the firewall rules are for layer3 traffic (I don't know what the 7 layers mean exactly, I'm going to read about them).

#5 rule drop all from internet (in chain forward)

"src-mac-address=some_mac_address"
What about dst?

#5 rule drop all from internet (in chain forward)

Thanks, but I didn't understand what do you mean. My last rule drop all from internet but in the other rules with higher priority than the last one, I stated to allow some mac-addresses.

"src-mac-address=some_mac_address"
What about dst?

Doesn't this mean this sentence?
If src-mac-address is my laptop for example, then allow this mac address.

But what do you mean by the dst-mac? My laptop connects to Mikrotik and Mikrotik again sends the data to my laptop. Do you mean in this case, I should assign the dst to my laptop again?
I mean both src and dst should be the same?

"src-mac-address=some_mac_address"
What about dst?

Doesn't this mean this sentence?
If src-mac-address is my laptop for example, then allow this mac address.

But what do you mean by the dst-mac? My laptop connects to Mikrotik and Mikrotik again sends the data to my laptop. Do you mean in this case, I should assign the dst to my laptop again?
I mean both src and dst should be the same?

No, use ip->firewall->connections to see how the Internet works
Use a standart firewall!

https://help.mikrotik.com/docs/display/ ... t+Firewall

Thanks for the doc. I read it before, but didn't understand it to how to reach what I'm looking for.

Doesn't this mean this sentence?
If src-mac-address is my laptop for example, then allow this mac address.

But what do you mean by the dst-mac? My laptop connects to Mikrotik and Mikrotik again sends the data to my laptop. Do you mean in this case, I should assign the dst to my laptop again?
I mean both src and dst should be the same?

No, use ip->firewall->connections to see how the Internet works
Use a standart firewall!

I know a little about how internet works:) I'm not that much un-familiar with this concept because of my work, but up to my knowledge, I tried to figure out the docs and do but I 've not yet succeded.

I solved it by this link: https://www.uobabylon.edu.iq/eprints/pu ... 5_1412.pdf
In my case, it's working.

If this solution is not a good one, I'll be happy to hear the reason and find a better solution.

Well obviously I thought we were dealing with a router not an access point, which all radio setups have mac-filtering setup for layer2 traffic control ( NOT fw rules )
Again, i should have read more closely, glad you got it sorted.

Well obviously I thought we were dealing with a router not an access point, which all radio setups have mac-filtering setup for layer2 traffic control ( NOT fw rules )

Oops, yes that's an access point.
In fact, I'm using Mikrotik as extender in my house, to extend the ADSL modem to the bedrooms. In the bedrooms I have weak signals from my ADSL modem.