RB750 Firewall ACL
Posted: Tue Feb 07, 2012 11:38 am
by dlopez
Hi, until now I've been using a Linux machine as a firewall (Shorewall), and to control the internet access for the computers I've been using rules based on the MAC addresses.
Now, I know RouterOS doesn't have a MAC list feature, which I'd love, but is it possible to use another approach for the firewall so I can still do MAC filtering? Maybe using RADIUS or the Hotspot feature?
Re: RB750 Firewall ACL
Posted: Tue Feb 07, 2012 2:03 pm
by janisk
If packets are passing through /ip firewall filter, then you can use the src-mac-address field as you see fit. You just have to notice where the MAC addresses change in the traffic flow.
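An added example, not part of the original thread: a small generator for the src-mac-address approach described in the reply above, emitting one accept rule per allowed MAC and a final drop for everything else arriving on the LAN interface. The interface name `ether2`, the labels and the MAC addresses are constructed assumptions; the source MAC only identifies hosts on the router's own layer-2 segment.

```python
import re

# Constructed sample inventory (label -> MAC); not taken from the thread.
ALLOWED = {
    "office-pc": "00-1a-2b-3c-4d-5e",
    "laptop": "001A.2B3C.4D5F",
    "printer": "00:1A:2B:3C:4D:60",
}

def normalize_mac(raw):
    """Return the MAC as AA:BB:CC:DD:EE:FF, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(digits[0:2], 16) & 1:
        # Group (multicast/broadcast) bit set: never a valid source address.
        raise ValueError(f"group address cannot be a source MAC: {raw!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_rules(allowed, lan_interface):
    """Emit one accept rule per MAC, then one drop for the rest of the LAN."""
    seen = {}
    rules = []
    for label, raw in sorted(allowed.items()):
        # Labels end up inside comment="..."; keep them to a safe character set.
        if not re.fullmatch(r"[A-Za-z0-9_.-]+", label):
            raise ValueError(f"unsafe label: {label!r}")
        mac = normalize_mac(raw)
        if mac in seen:
            raise ValueError(f"{label} duplicates {seen[mac]} ({mac})")
        seen[mac] = label
        rules.append(
            f"/ip firewall filter add chain=forward in-interface={lan_interface} "
            f"src-mac-address={mac} action=accept comment=\"acl-{label}\""
        )
    # Order matters: the drop must come after every accept rule.
    rules.append(
        f"/ip firewall filter add chain=forward in-interface={lan_interface} "
        f"action=drop comment=\"acl-default-drop\""
    )
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(ALLOWED, "ether2")))
```
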
Re: RB750 Firewall ACL
Posted: Wed Feb 15, 2012 4:47 am
by dlopez
I ended up using the Hotspot feature with mac-address authentication and using the packet marks to do the filtering on the firewall.
BTW, at least on 5.12, the package mark rules are created on the mangle table BUT there's no rule to jump to the hotspot chain so, if you don't manually create them, the marks are not applied.
ip firewall mangle add chain=prerouting action=jump jump-target=hotspot
ip firewall mangle add chain=postrouting action=jump jump-target=hotspot
Re: RB750 Firewall ACL
Posted: Wed Feb 15, 2012 8:24 am
by janisk
You should check the Hotspot configuration:
http://wiki.mikrotik.com/wiki/Hotspot
If you fill in all the fields, then a bunch of dynamic rules are added that will move packets around in different chains. If you are missing some, that could mean that you have not filled in some of them.
Re: RB750 Firewall ACL
Posted: Thu Feb 16, 2012 11:04 pm
by dlopez
The rules on the mangle table are created on the Hotspot chain but, at least for me, there was no rule to make the traffic go through that chain, which is why I added those two rules.
Anyhow, it is working now.