Welcome to LQ!
Actually, that isn't that hard to do. Start off by denying everything:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Then start allowing stuff in:
#SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#FTP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
#Allow a specific IP to access everything
iptables -A INPUT -s 192.168.1.19 -j ACCEPT
#Do it for a MAC address
iptables -A INPUT -m mac --mac-source 00:00:00:00:00:01 -j ACCEPT
A few things to remember as well:
You're going to need to set some OUTPUT rules as well. Usually, limiting those to ESTABLISHED and RELATED states works OK. Also, remember that the rules are executed IN ORDER and iptables stops at the first rule that matches the packet. That can mean that even if the rules are correct, you may not be getting the desired behavior because they are in the wrong order. Finally, remember that filtering on a MAC address is only going to work for computers connected to your LAN directly. MAC addresses get stripped when they travel the Internet.
And be sure to have a good, long read at FrozenTux.
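The default-deny approach described in this post, collected into one script as an added example (not the poster's code): it adds the loopback and ESTABLISHED,RELATED rules the post says you will need, keeps them ahead of the port rules because iptables stops at the first match, and ends with a rate-limited LOG rule (an assumption, not from the post) so drops show up in the kernel log. Setting IPT=echo prints the commands in order instead of loading them, which is how the dry_run and rule_count helpers work without root.

```shell
#!/bin/sh
# Default-deny ruleset in the order the post describes. IPT can be
# overridden (IPT=echo) to preview the commands without touching the kernel.
IPT="${IPT:-iptables}"

# Trusted host and MAC taken from the post; adjust for your LAN.
ADMIN_IP="192.168.1.19"
ADMIN_MAC="00:00:00:00:00:01"

apply_rules() {
    # 1. Flush and deny everything by default (chain policies).
    "$IPT" -F
    "$IPT" -P INPUT DROP
    "$IPT" -P OUTPUT DROP
    "$IPT" -P FORWARD DROP

    # 2. Loopback and replies to connections we started. These go first:
    #    rules match in order, so they must precede anything restrictive.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A OUTPUT -o lo -j ACCEPT
    "$IPT" -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. New inbound connections we choose to allow.
    "$IPT" -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
    "$IPT" -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
    "$IPT" -A INPUT -s "$ADMIN_IP" -j ACCEPT
    # MAC matching only works for hosts on the same LAN segment; the
    # source MAC seen here is the last hop's, not the originator's.
    "$IPT" -A INPUT -m mac --mac-source "$ADMIN_MAC" -j ACCEPT

    # 4. Log what the INPUT policy is about to drop, rate limited so a
    #    scan cannot flood the kernel log. (Assumed addition, not in the post.)
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
}

# Print the commands in order instead of loading them (no root needed).
dry_run() {
    ( IPT=echo; apply_rules )
}

# Number of -A rules the script would append.
rule_count() {
    dry_run | grep -c -- '-A '
}
```

Run `sh script.sh` after appending a call to `apply_rules`, or `dry_run` first to review the order.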