Would like MAC access controls for LAN ports

I have two Surf SOHOs for which I would like to disable all LAN access except when I need to configure them. Ideally I would filter the LAN access by MAC address as I am able to do with the WiFi AP, but I see no way to do that.

This thread suggests setting up outgoing and internal firewall rules, but I’m failing to see how I can fashion rules that deny all MAC addresses other than those I want, while also retaining the function of the existing rules.

Why do I need LAN port filtering? Because this is a restricted network, and I need to keep people from just plugging a cable into it, but I cannot just turn off the ports because that’s my only way to configure the router.

Hello and Good Day

Is this an option you can do? A little engineering is involved.

Make a L bracket the width of the Ethernet ports. Then strategically place RJ45 connectors on that L bracket. Plug in the L bracket to Ethernet ports, and screw down L bracket.

You would only need to do two ports, say 1 and 4
And I believe that you could screw or epoxy the RJ45 connectors to the L bracket. And of course I assume that you can screw down the L bracket to what ever the Surf soho is sitting on.
And I am assuming that you don’t need those E ports.
The L bracket can be configured any way that is needed.