Current value of MAC_RULE_STRING_LEN allows creating 50-60 rules. Patch increases this value and also adds a sysctl variable to allow limiting mac_portacl use to a given user group.
Value changed might need adjusting. Applies cleanly on 11.2, 12.0 and HEAD.
Unit Tests Skipped
I'm not a committer, but since this looks like a neat thing to have, may I suggest you get some reviewers added?
One way to find reviewers is to look through the code for who touched these bits (MFU/MRU-like) and then ask them if they want to review it, or send an email to the appropriate mailing list asking for reviewers.
Could you re-upload this patch with full context? If you use 'arc' to update the patch in place, starting with an ordinary Subversion checkout + your patch applied, I think it should do the right thing.