Set firewall rules for MQTT connections
This chapter describes how to allow incoming network connections to an MQTT broker on TCP port 1883 by adding the corresponding nftables rules.
Proceed as follows:
- 1. To allow incoming network connections to TCP port 1883 for MQTT clients, create the file
/etc/nftables.conf.d/60-mosquitto-container.conf with the following content:
table inet filter {
    chain input {
        # accept connection to mqtt broker
        tcp dport 1883 accept
    }
}
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Allow forwarding of packets with TCP source port 1883
        tcp sport 1883 accept
        # Allow forwarding of packets with TCP destination port 1883
        tcp dport 1883 accept
    }
}
- 2. Then run
sudo nft -f /etc/nftables.conf.d/60-mosquitto-container.conf
to apply the additional rule set.
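As written, the input rule above accepts connections to port 1883 from any source address. The following shell script is an added example, not part of the original page: it generates the same drop-in file, optionally narrowing the input rule to a trusted IPv4 prefix with an `ip saddr` match, and offers a dry-run syntax check with `nft -c -f` before the file is applied. The directory and file name come from the page; the prefix 192.0.2.0/24 used in the usage call is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the original page): build the nftables drop-in for
# the MQTT broker, optionally restricted to a trusted IPv4 prefix, and check
# it with nft in dry-run mode before applying.
# Assumed: drop-in path /etc/nftables.conf.d/60-mosquitto-container.conf (from
# the page); the allowed prefix passed by the caller is a constructed value.

# gen_mqtt_rules [allowed_ipv4_prefix]
# Prints the ruleset on stdout. Without an argument the input rule accepts
# from any source, exactly as on the page; with a prefix, only that prefix
# may reach port 1883 (ip saddr matches IPv4 only, so IPv6 clients fall
# through to the chain's existing policy).
gen_mqtt_rules() {
    allowed="$1"
    if [ -n "$allowed" ]; then
        input_rule="ip saddr $allowed tcp dport 1883 accept"
    else
        input_rule="tcp dport 1883 accept"
    fi
    cat <<EOF
table inet filter {
    chain input {
        # accept connection to mqtt broker
        $input_rule
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        # Allow forwarding of packets with TCP source port 1883
        tcp sport 1883 accept
        # Allow forwarding of packets with TCP destination port 1883
        tcp dport 1883 accept
    }
}
EOF
}

# check_mqtt_rules <file>
# Parses the file with nft without loading it (nft -c). Returns nft's exit
# status, or 2 when nft is not installed so the caller can tell "not checked"
# from "rejected".
check_mqtt_rules() {
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$1"
    else
        return 2
    fi
}

# count_accept_rules <file>
# Counts accept verdicts in the file so a reviewer sees at a glance how many
# openings the drop-in adds (comment lines are not counted).
count_accept_rules() {
    grep -c ' accept$' "$1"
}

# Usage: write the restricted variant to a scratch file and dry-run check it.
# Copy it to /etc/nftables.conf.d/ and apply with `sudo nft -f` once it parses.
out=$(mktemp)
gen_mqtt_rules 192.0.2.0/24 > "$out"
echo "accept rules in $out: $(count_accept_rules "$out")"
if check_mqtt_rules "$out"; then
    echo "nft accepted $out"
elif [ $? -eq 2 ]; then
    echo "nft not installed; syntax not checked"
else
    echo "nft rejected $out"
fi
```

Run the script as an unprivileged user first: `nft -c -f` only parses the file, so a typo in the drop-in is caught before `sudo nft -f` touches the live ruleset. Because the page's base chains use `policy drop`, remember that the restricted variant drops MQTT clients outside the prefix (and all IPv6 clients) rather than rejecting them, which shows up as connection timeouts on the client side.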