Building an Intelligent MQTT Firewall with Fail2Ban, journalctl, and Mosquitto Logs

Introduction

When deploying a public MQTT backend, brute-force login attempts and unauthorized scans are inevitable. Off-the-shelf solutions like Fail2Ban are helpful, but they often fall short when dealing with sophisticated attackers who rotate IP addresses or use shared networks. This post documents how I built an intelligent firewall system for my Mosquitto MQTT server — combining journalctl, mosquitto.log, and Fail2Ban — and how I refined the automation logic to be accurate, safe, and more effective. ...

April 30, 2025