FYI: it is very easy to give your network adaptor another MAC address, most (decent) cards have a setting for that in their driver properties
(just saying that a banned MAC address can give u a false feeling of security)
about the 'checking takes less time': it takes just as much time or even more time:
- at 'firewall' level: the packet requesting a TCP connection - contains both remote MAC and IP
- at ioFTPD level: io establishes the connection first to check the ip, i don't think there is a way to check the remote IP before a connection is established. the remote IP is then just 1 api call away, while the remote MAC address, well... i don't have any idea how to get it through winsock