Enable port

Automatic port enabling for TwinCAT Functions

Ports that are required for TwinCAT Functions are automatically enabled once the TwinCAT Functions have been installed.

To enable a port in the firewall, a rule must be added that allows incoming connections on this port. As an example, a rule that allows incoming connections on TCP port 502, which is required for Modbus/TCP communication, is created in a separate configuration file.

Proceed as follows:

1. Use the command ip addr show to determine the available Ethernet interfaces.
Examples of available Ethernet interfaces: lo, end1, end0
2. Select an Ethernet interface to be configured for Modbus/TCP communication.
3. Create a configuration file named 60-modbus.conf in the /etc/nftables.conf.d/ directory, for example:
sudo nano /etc/nftables.conf.d/60-modbus.conf
4. Insert the following content and adjust the values to your network requirements:
table inet filter {
  chain input {
    # accept ModbusTCP
    iifname "end1" tcp dport 502 accept
  }
}
5. Save and close the configuration file.
6. Load the new rule with the command:
sudo systemctl reload nftables
7. Check the settings and make sure that the configuration has been applied correctly.
sudo nft list ruleset
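
The steps above as a script, added here as an example and not part of the original documentation: it generates the 60-modbus.conf content, optionally limits the rule to one source subnet, and checks the file with nft -c before reloading. The function names, the optional source restriction and the subnet 192.168.10.0/24 are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): build and install the
# Modbus/TCP drop-in from steps 3 to 7.

# modbus_conf IFACE [SRC_CIDR]
# Prints the drop-in content. SRC_CIDR (an assumption, not on the page)
# limits the rule to one IPv4 source network.
modbus_conf() {
    iface=$1
    src=${2:-}
    # Reject anything that could break out of the quoted interface name.
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    # Linux interface names are at most 15 characters long.
    [ "${#iface}" -le 15 ] || { echo "interface name too long" >&2; return 1; }
    match="iifname \"$iface\""
    if [ -n "$src" ]; then
        # Shape check only; nft -c below does the real validation.
        printf '%s\n' "$src" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' ||
            { echo "invalid source network: $src" >&2; return 1; }
        match="$match ip saddr $src"
    fi
    printf 'table inet filter {\n  chain input {\n'
    printf '    # accept ModbusTCP\n    %s tcp dport 502 accept\n' "$match"
    printf '  }\n}\n'
}

# install_modbus_rule IFACE [SRC_CIDR]
# Writes the drop-in, reloads nftables and shows the resulting rule.
install_modbus_rule() {
    dest=/etc/nftables.conf.d/60-modbus.conf
    tmp=$(mktemp) || return 1
    modbus_conf "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Parse the file without changing the live ruleset.
    sudo nft -c -f "$tmp" || { rm -f "$tmp"; return 1; }
    sudo install -m 0644 "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    sudo systemctl reload nftables || return 1
    sudo nft list chain inet filter input | grep -F 'tcp dport 502'
}

# Preview only; nothing is written. Constructed sample values.
modbus_conf end1 192.168.10.0/24
```

To apply the rule on the device, call install_modbus_rule with the interface selected in step 2, for example install_modbus_rule end1.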