I’ve got a friend whose English is even worse than mine :’(, hence I post here for him because it seems that his problem is similar to cardina1’s.
He has provided a service through the Internet, but for the private use of an organisation. He would like to use CFP to limit incoming requests to the IP address of that service to a list of known MAC addresses.
He has defined a Network zone for that purpose, where the MAC addresses have been entered.
Then in the Global Rules dialog, he has added a rule to allow only the aforementioned network zone to access the service. As a result, traffic is blocked for everybody, including the registered MAC addresses. If he replaces the Network zone in the rule with an IP address and tests using that IP address, it works.
As a conclusion, using a Network zone in a global rule does not seem to work correctly.
(BTW, this is the first time I post here but this forum rocks! (R))
Aren’t MAC address based rules limited to one subnet (LAN)? So if you provide a service over the Internet then it simply won’t work. If that is the case then you could use a VPN, and if you do that then it really doesn’t matter whether you make the safe zone using MACs or IPs.
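The subnet limitation raised in the reply above, as an added example that is not part of the original thread: a small Python model of how each router replaces the Ethernet source address, so a firewall on the server never sees a remote client's MAC. All names, MAC addresses and IP addresses are constructed, and no NAT is assumed on the path.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Frame:
    src_mac: str  # Ethernet source: meaningful only on the current link
    src_ip: str   # IP source: preserved end to end (no NAT assumed)

def forward(frame: Frame, egress_mac: str) -> Frame:
    """A router discards the received Ethernet header and builds a new one
    whose source is its own egress interface; the IP header is untouched."""
    return replace(frame, src_mac=egress_mac)

def as_seen_by_server(frame: Frame, router_path: list) -> Frame:
    """Frame as it arrives at the server after crossing each router in turn."""
    for egress_mac in router_path:
        frame = forward(frame, egress_mac)
    return frame

# Constructed sample data (locally administered MACs, documentation IPs).
REGISTERED_MAC = "02:00:00:aa:00:01"      # client entered in the MAC zone
STRANGER_MAC = "02:00:00:bb:00:02"        # client that is not registered
SERVER_GATEWAY_MAC = "02:00:00:ff:00:fe"  # last router before the server
INTERNET_PATH = ["02:00:00:10:00:01", SERVER_GATEWAY_MAC]
MAC_ZONE = {REGISTERED_MAC}
ALLOWED_IPS = {"203.0.113.10"}

member = Frame(REGISTERED_MAC, "203.0.113.10")
stranger = Frame(STRANGER_MAC, "198.51.100.7")

def evaluate(frame: Frame, router_path: list, zone=MAC_ZONE) -> dict:
    """Apply a MAC-zone rule and an IP rule to the frame the server receives."""
    seen = as_seen_by_server(frame, router_path)
    return {
        "seen_mac": seen.src_mac,
        "mac_rule": seen.src_mac.lower() in zone,
        "ip_rule": seen.src_ip in ALLOWED_IPS,
    }

if __name__ == "__main__":
    # Registered client over the Internet: MAC rule blocks, IP rule allows.
    print("member via Internet :", evaluate(member, INTERNET_PATH))
    # Same client on the server's own LAN: the MAC rule matches.
    print("member on same LAN  :", evaluate(member, []))
    # Adding the gateway's MAC to the zone admits every routed client.
    print("stranger, gateway in zone:",
          evaluate(stranger, INTERNET_PATH, zone={SERVER_GATEWAY_MAC}))
```

The last case is the trap to avoid when troubleshooting: putting the gateway's MAC in the zone makes the rule match, but it then matches all routed traffic, so it no longer restricts anything.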