Re: Mac address filtering

---

Nime wrote:

...what i want to achieve is to allow known Mac addresses and deny all MAC address that are not known.

---

In this case you should create firewall rule with default-action drop and rules that allow traffic on per-MAC basis. Something like this:

root@jesse# show firewallname WAN_OUT {default-action drop
     rule 100 {action accept
         protocol all
         source {mac-address 77:88:99:aa:bb:cc
         }
     }
     rule 110 {action accept
         protocol all
         source {mac-address 88:99:aa:bb:cc:dd
         }
     }
 }
[edit]
root@jesse# show interfaces ethernet eth0 firewall
 out {name WAN_OUT
 }
[edit]