MikroTik

I have a router 750Gr3, which I am using as a Switch Ethernet.
All ports have been added to a bridge, which has "Fast Forward" functionality disabled.

I only want to allow two MAC sources address to comunicate through this Router (configured as a Switch). It is the cibersecurity requirement of my customer.

/interface bridge
add admin-mac=78:9A:18:74:32:DB auto-mac=no comment=defconf fast-forward=no name=bridge protocol-mode=none
/interface bridge filter
add action=accept chain=input in-bridge=bridge src-mac-address=54:E1:AD:04:75:4C/FF:FF:FF:FF:FF:FF
add action=accept chain=input in-bridge=bridge src-mac-address=58:8A:5A:01:AF:53/FF:FF:FF:FF:FF:FF
add action=drop chain=input in-bridge=bridge
add action=drop chain=forward in-bridge=bridge

I do not know how to solve it but I have pings beetween all computers connected to this Switch and I only want to have comunication beetween two computers (54:E1:AD:04:75:4C and 58:8A:5A:01:AF:53).
Kind regards in advanced

The bridge is offloaded to hardware switch chip (MT7621) ... which according to switch chip features table doesn't support rules.

So if you want your bridge filter rules to actually work, you have to disable HW offload ... on all bridge ports set hw=no. This will, alas, cause all traffic to pass via CPU and in turn it means that all-port-wirespeed is not possible any more (it's near wirespeed though).

BTW, you'll have to accept frames from allowed MAC address for chain=forward to allow communication between two attached ethernet devices.

Thank you very much, it is working rightly as you said