I set in bridge's NAT several rules that accept specific MAC Addresses via ether1 and ether2 after that rules I set rule that drop all other connection witch means all other MAC Addresses will be drop from my network. It's look like that:
Code: Select all
/interface bridge nat
add action=accept chain=dstnat src-mac-address=A0:CE:CA:0A:7A:BA/FF:FF:FF:FF:FF:FF
add action=accept chain=dstnat src-mac-address=4E:8D:8C:8A:CB:1E/FF:FF:FF:FF:FF:FF
add action=accept chain=dstnat src-mac-address=4E:8D:8C:8A:CA:1F/FF:FF:FF:FF:FF:FF
add action=drop chain=dstnat comment="block all other incoming connections" in-interface=ether1
add action=drop chain=dstnat comment="block all other incoming connections" in-interface=ether2
BTW- The MAC addresses is not real, only for example.