1
You don't. MAC Address filtering is trivial to bypass. Instead secure the wireless connection. Doing this will prevent your neighbor from connecting to your network. What you actually asked about cannot be accomplished without knowledge of all the MAC addresses for his devices so that specific question cannot be answered.
- Encryption should be WPA2 (AES)
- WPA Authentication Mode should be Personal(Pre-Shared Key)
- Pre-Shared Key Format should be Passphrase
- Pre-Shared Key: Should be more than a sixteen character password.
1I agree with Ramhound that the better solution is to secure your WiFi, but if you really do prefer MAC filtering you would change the default outgoing policy to deny, and then "Add" an outgoing rule for each of the devices you want to allow to connect to the wifi specifying their MAC as the Source MAC. As a note, it appears your MAC filtering only affects traffic leaving or entering the internet interface. This means even after MAC filtering your neighbor could still interact with devices on the local network which is likely NOT a good thing. – ssnobody – 2015-08-22T17:24:41.470