許可したいアドレスだけを登録してその他を全部ブロックするほうが好ましいかも。。

→最終的に以下のようにした(許可したいMACアドレスのみ登録し、その他は暗黙のDenyで全部拒否)


ip policy filter 1 reject-nolog lan* pp* 102 216.55.186.161 *
ip policy filter 2 reject-nolog lan* pp* 102 182.22.0.0/17 *
ip policy filter 3 reject-nolog lan* pp* 102 183.79.0.0/16 *
ip policy filter 4 reject-nolog lan* pp* 102 104.18.231.150 *
ip policy filter 5 reject-nolog lan* pp* 102 104.18.232.150 *
ip policy filter 6 reject-nolog lan* pp* 102 104.18.233.150 *
ip policy filter 7 reject-nolog lan* pp* 102 104.18.234.150 *
ip policy filter 8 reject-nolog lan* pp* 102 104.18.235.150 *
ip policy filter set 101 name="Internet Access" 1 2 3 4 5 6 7 8 1100 [1110 1123 [1124] 1122 1150] 1500 [1520 5000 5001 5002] 1700 [1710] 3000
ip policy filter set enable 101
ethernet filter 83 pass-nolog 68:EF:43:68:BA:9F
ethernet filter 84 pass-nolog 00:0c:29:d3:07:cf
ethernet filter 85 pass-nolog 00:50:56:ef:00:01
ethernet filter 86 pass-nolog 00:0c:29:97:56:ba
ethernet filter 87 pass-nolog 3C:97:0E:8A:1F:3E
ethernet filter 88 pass-nolog 00:50:56:89:be:4b
ethernet filter 89 pass-nolog 50:87:89:d6:2b:72
ethernet filter 90 pass-nolog 4c:cc:6a:d0:65:d5
ethernet filter 91 pass-nolog 2c:fd:a1:6e:39:68
ethernet filter 92 pass-nolog 18:31:bf:6b:2c:80
ip lan1 address 10.0.7.254/21
ip lan1 wol relay broadcast
ip lan1 arp static 10.0.1.0 4c:cc:6a:d0:65:d5
ip lan1 arp static 10.0.2.0 2c:fd:a1:6e:39:68
ip lan1 arp static 10.0.3.0 18:31:bf:6b:2c:80
ethernet lan1 filter in 84 85 86 87 88 89 90 91 92