Seems like the wrong layer unless your network has more than one router/gateway.

Use MAC as the key for firewall and monitoring. Then you don't have multiple rules per device.