Using the MAC address to limit access is not as effective as you might hope.....anyone wanting to join your network illicitly can analyze packet data to find the active MAC addresses on your network then spoof one of those. Having a strong WiFi passphrase such as you do is far more effective.
Leave yourself enough room to add devices to your network without having to manually intervene each time, but limit the DHCP pool to a smaller footprint.....I nominally suggest keeping it about 60% larger than your normal client base if you have more than 5 devices on your network.....if you have 5 or less, then limit your pool to 10 clients.
