A MAC filter is a security function that controls the access to the network using the MAC address of the devices in the network. The MAC address is a hardware address and serves for the positive identification of a network adapter. This allows to restrict the data traffic to certain network devices and the individual IP networks of the router. Only the data traffic via Ethernet connections is restricted with this, connections through tunnels or via cellular radio for example will not be restricted with this. It must be observed for routed connections between two network devices that the MAC addresses of both participants must be permitted.
Security limits: The user should be aware that the actually unique MAC address of a device in the network can be modified with (depending on the device) little effort. If the MAC address of a certain device in the network is permitted, this means that another device can also penetrate the MAC filter, if the permitted MAC address is assigned to it.
Default settings contain one MAC filter rule already that permits data traffic with the MAC address FF:FF:FF:FF:FF:FF to all IP networks of the router. The MAC address FF:FF:FF:FF:FF:FF is the broadcast address for ARP (Address Resolution Protocol). Without this rule and activated MAC filters, no ARP requests would be possible for example that are used by the router to determine the assignment between IP and MAC address of the network devices.