Unfortunately, it doesn't appear to be possible to filter based on MAC addresses in ipfw. I was hoping to do this so that I could control who was accessing the internet through my computer when I ran internet sharing. However, I have discovered that it is possible to filter by MAC addresses -- you just have to do it in bootpd, the process that serves DHCP and doles out the IP addresses.
In case you've never heard of MAC addresses before, this hint is most useful for controlling who can join your airport network, and for sharing an internet connection over the same interface without serving DHCP to the rest of the network.
Unlike most of the UNIX programs, bootpd gets all of its options from NetInfo Manager. So, to set this option, you have to open up NetInfo Manager and go to the /config/dhcp directory. Make sure you are authenticated, then choose Add Property from the Directory menu. Call the property allow. In the values side, insert the MAC address of the first computer. Then, choose Insert Value and enter the next address, and continue until you have entered all of the addresses.
The format of the addresses in the list is slightly different from usual -- you must omit the any leading zeros. So 00 becomes 0 and 07 becomes 7, but 30 and 4d are the same. This option and lots of other bootpd options are detailed in the bootpd man pages (man bootpd).
[robg adds: You can see the Mac address for a given machine on the Ethernet tab in the Network preferences.]
Mac OS X Hints
http://hints.macworld.com/article.php?story=20041005183041743