Bind MQTT or Service/Port to Single Network Adapter

I have been running HA in a Python vEnv using multiple network adapters. One interface exposes only 8123 to my home network, a second adapter hosts MQTT and other services in a more isolated IoT network.

With recent easy multiple network adapter configuration available in Hassio GUI I want to try to make the switch to the appliance.

My issue is that MQTT and other add-ons seem to become available on both network interfaces. I would like MQTT to be bound to just one network adapter.

Is it possible to block MQTT (1883) from being started/presented on a specific adapter?

I used iptables (via SSH Add-on w/Protection Mode Off) to block ports/services I don’t want exposed to my home network. Unsure of future repercussions this will create. Perhaps there is a better way to do this. Still looking for way to make iptables rule persistent between reboots. Suppose I need to read OpenRC / Alpine Linux docs?

iptables -I DOCKER -i enp1s0u1 -p tcp --dport 1883 -j DROP
iptables-save