white list of MAC addresses

Hi,
I need to make a firewall rule that blocks all MAC addresses on an internal network and releases those that I set.
It would be something like a white list.

Please, someone help! :-\

Does a computer send its MAC address over the “internet”?
How should your desktop firewall see another computer's MAC address?

You can white list IP addresses, and your router can manage the MAC addresses together with the IP addresses.

Correct me if I am wrong.

And read about MAC address spoofing also.

My question is about the internal network, about other PCs accessing my PC, and not about the Internet.
It could be a control by IP, with only authorized IPs able to access my PC,
but a MAC address would be a bit more difficult to fake.

Look, here is an example:

PCs on the network are:
pc1, pc2, pc3, pc4 …

My PC is pc1
pc2, pc3, pc4 … and other users

I want help with a rule so that only pc2 and pc3 can access pc1,
and pc4 and other PCs that join the network without my knowledge cannot access pc1.

I understood your question.

First, MAC addresses can be “easily” obtained by an intruder who knows how.

The router manages the network; it is the one that deals with MAC addresses together with IP addresses.
Your desktop firewall manages traffic based on IP addresses.
To get a combination of MAC and IP addresses, you have to instruct your router to combine “static internal IP addresses with their MAC address”, and the computers should know their static IP address (network setting).
Then you can allow (or default block) each of the static internal IP addresses with your desktop firewall.

But again, if an intruder gets the MAC address and sets the same IP address, he could still connect to your computer.
A desktop firewall cannot protect you against a scenario where the same IP address became malicious! And a router cannot decide if one is good or bad, it just looks at MAC and IP address!
An untrusted network should never have the rights for ingoing traffic into your computer.
It's easy to protect you against…
but it's difficult to make “safe” holes.

Then how would a rule based on IP look?

Let's leave these issues of IP and MAC cloning for another topic.

An IP based desktop firewall rule would only make sense (to the degree where it could be exploited in an internal network) if each computer in the network had its very own IP.

Here again: the first point to manage security and permissions inside a network is the router! It is the first layer.
The desktop firewall is there to protect your computer against malicious unrequested things. If you don't filter out malicious attempts before they reach the firewall, and you open holes, the malicious attempts can get through the holes in these scenarios.
Try to make a safe management setting in the router. Otherwise it would be like the untrusted internet, and even worse, as there are only a few IP addresses which are known to be allowed to come into your computer (pc2 and pc3).
If you can't manage your router in the network, you can most likely not trust the network!
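The static IP/MAC pairing discussed in this thread can also be audited from pc1 itself. The sketch below is an added example, not part of any post above: it compares neighbor-table output in the Linux `ip neigh` format against an allowlist. The addresses, the `ALLOWED` table and the `audit` function are constructed for illustration, and an "ok" result only means the pair matches the list, not that the sender is genuine.

```python
import re

# Assumed allowlist: static IP -> MAC bound to it in the router (constructed values).
ALLOWED = {
    "192.168.1.12": "00:11:22:33:44:02",  # pc2
    "192.168.1.13": "00:11:22:33:44:03",  # pc3
}

# Constructed sample in the format printed by `ip neigh` on pc1.
SAMPLE_NEIGH = """\
192.168.1.12 dev eth0 lladdr 00:11:22:33:44:02 REACHABLE
192.168.1.13 dev eth0 lladdr 00:11:22:33:44:99 STALE
192.168.1.14 dev eth0 lladdr 00:11:22:33:44:04 REACHABLE
192.168.1.15 dev eth0 lladdr 00:11:22:33:44:02 DELAY
192.168.1.16 dev eth0  FAILED
"""

LINE_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+([0-9A-Fa-f:]{17})\b"
)

def audit(neigh_text, allowed):
    """Classify every resolved neighbor entry against the IP/MAC allowlist."""
    mac_to_ip = {mac.lower(): ip for ip, mac in allowed.items()}
    findings = []
    for line in neigh_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unresolved entries (no lladdr) carry no MAC to check
        ip, mac = m.group(1), m.group(2).lower()
        expected = allowed.get(ip)
        if expected is None:
            # Unknown IP: a known MAC here means the pairing was changed.
            status = "allowed-mac-on-other-ip" if mac in mac_to_ip else "not-allowed"
        elif expected.lower() != mac:
            status = "mac-mismatch"  # allowed IP answered from a different MAC
        else:
            status = "ok"
        findings.append((ip, mac, status))
    return findings

if __name__ == "__main__":
    for ip, mac, status in audit(SAMPLE_NEIGH, ALLOWED):
        print(f"{ip:15} {mac}  {status}")
```
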