Ну, тут особо ни добавить, ни убавить. Проверку MAC-адресов я бы организовывал во вложенной цепочке:
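# Forwarding policy for a NAT gateway: LAN clients arrive on eth0 and leave
# through ppp0 or eth1. These commands configure IPv4 only; if IPv6 forwarding
# is enabled on the host, ip6tables needs its own policy.

# Default-deny: anything not explicitly accepted below is not forwarded.
iptables -t filter -P FORWARD DROP

# Drop packets that connection tracking could not associate with a valid flow.
iptables -t filter -A FORWARD -m conntrack --ctstate INVALID -j DROP

# MAC allow-list in its own chain, so the FORWARD chain stays short and the
# list can be edited without touching the other rules.
# A source MAC can be changed by any host on the same L2 segment, so this is
# an inventory filter, not authentication of the client.
# NOTE(review): -N fails if CHECKMAC already exists, so re-running these
# commands without flushing first will append duplicate rules.
iptables -t filter -N CHECKMAC
iptables -t filter -A FORWARD -i eth0 -j CHECKMAC

# Known clients return to FORWARD for the service rules below.
# NOTE(review): the two addresses differ only in the fifth octet (7e vs 77);
# confirm that both are intended and one is not a typo of the other.
iptables -t filter -I CHECKMAC -i eth0 -m mac --mac-source 00:17:31:81:7e:72 -j RETURN
iptables -t filter -I CHECKMAC -i eth0 -m mac --mac-source 00:17:31:81:77:72 -j RETURN

# Everything else that entered through eth0 is dropped here.
iptables -t filter -A CHECKMAC -j DROP

# Accept traffic belonging to tracked connections and to DNAT-ed connections.
# DNAT is a conntrack state (--ctstate), not a value the legacy "state" match
# accepts: with "-m state --state ...,DNAT" iptables rejects the whole rule,
# and under the DROP policy no reply traffic would then be forwarded.
iptables -t filter -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT

# New outbound connections from the LAN: only these TCP destination ports.
iptables -t filter -A FORWARD -i eth0 -p tcp -m multiport --dports 80,443,5190 -m conntrack --ctstate NEW -j ACCEPT

# All ICMP from the LAN is forwarded (no type restriction).
iptables -t filter -A FORWARD -i eth0 -p icmp -j ACCEPT

# Source NAT for the LAN subnet on both uplinks.
iptables -t nat -A POSTROUTING -s 10.75.31.0/24 -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.75.31.0/24 -o eth1 -j MASQUERADE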