Need help to setup RDP rule based on MAC


I have a server that I control by using RDP. Recently I have gotten lots of connection attempts from “others” on the RDP port (3389). I dont like that, so basically I blocked out every other IP that isn’t in the local area network. It works fine and the connection attempts are blocked.

There is one problem tho, I cant control the server unless I am home. One solution to this is to allow traffic on the RDP port from a specific IP, that makes it possible to control the server. But creates another problem, kind of moment 22, outside my local area network I wont know the IP until I am connected to the new network which makes it impossible for me to connect to the server and change the rule in the firewall to allow traffic.

So I thought of another solution. A MAC-address based rule since the MAC-address of my network card on the laptop will always be the same no matter IP. That should work right? I allow traffic in on port 3389 where source is my laptops MAC-address. But I simply can’t get this to work and I don’t know why! I need help to set this up.

I created a network zone called Allowed IPs where MAC-address (and Local IPs) that should be allowed to use the RDP port.

The rules I am using currently are:

Allow TCP Or UDP In/Out From In [Allowed IPs] To MAC Any Where Source Port Is Any and Destination Port Is 3389.
Block And Log TCP Or UDP In/Out From NOT In [Allowed IPs] To MAC Any Where Source Port Is Any and Destination Port Is 3389.

It works if I enter a IP in Allowed IPs, but I want to trigger on MAC-address so I can control the server no matter where I am with my laptop.

Isnt the mac address in IPv4 kept inside of networks?
Your computer at home has no idea what the mac address of an “outside” IPv4 connection is.

MAC addresses are only routed on the local network but not on the internet. In short when trying to connect from the web you need to use an IP address for source address in the rule for the incoming traffic. But since your external IP address is variable and you don’t want the outside world to ring your server’s bell I can’t of a solution…