Networking Security: Self-Managed / Firewalls for Self-Managed Deployments
Code Summary: Firewalls for Self-Managed Deployments
The following provides a summary of the code to configure firewall rules for Self-Managed MongoDB deployments.
Prerequisites
- MongoDB
- Linux (Ubuntu)
Usage
Allowing Traffic from Another MongoDB Server in a Replica Set by Configuring INPUT and OUTPUT Chains:
The following allows incoming and outgoing TCP connections on port 27017 for a specific IP address using iptables. Replace <ip-address> with the allowed IP.
iptables -A INPUT -s <ip-address> -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -d <ip-address> -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT
Update the Default Firewall Rules:
The following sets the default policy of the INPUT and OUTPUT chains to DROP, so any incoming or outgoing traffic not matched by an earlier ACCEPT rule is blocked. Add the ACCEPT rules before changing the default policies so the rules are in place when the policies take effect.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
Save iptables Configurations:
The following saves the current iptables firewall rules to the /etc/iptables.conf file.
iptables-save > /etc/iptables.conf
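The steps above combined into one script, as an added example that is not part of the MongoDB documentation: it generates the rule set for one replica set member with several peers, keeps loopback open, adds an outbound rule for connections this member opens to a peer (which the ESTABLISHED-only OUTPUT rule on the page would not cover once the default policy is DROP), then emits the DROP policies and the save step. It prints the commands rather than running them; the port is the page's 27017 and the peer addresses are constructed.

```shell
#!/bin/sh
# Added example, not MongoDB's own code: print the iptables commands for one
# member of a self-managed replica set, one block of rules per peer, followed
# by the DROP default policies and the iptables-save step from the page.
# Review the output, then pipe it to sh as root. Peer addresses are constructed.

# mongod_fw_rules PORT PEER_IP...   (prints the iptables commands to stdout)
mongod_fw_rules() {
    port=$1
    shift
    # Keep loopback open so local mongo shells and health checks still work
    # once the default policies become DROP.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    for peer in "$@"; do
        # Inbound from the peer to this mongod (the page's INPUT rule).
        echo "iptables -A INPUT -s $peer -p tcp --destination-port $port -m state --state NEW,ESTABLISHED -j ACCEPT"
        # Replies from this mongod back to the peer (the page's OUTPUT rule).
        echo "iptables -A OUTPUT -d $peer -p tcp --source-port $port -m state --state ESTABLISHED -j ACCEPT"
        # Added: connections this member opens to the peer's mongod, which the
        # ESTABLISHED-only OUTPUT rule above would otherwise drop under OUTPUT DROP.
        echo "iptables -A OUTPUT -d $peer -p tcp --destination-port $port -m state --state NEW,ESTABLISHED -j ACCEPT"
        echo "iptables -A INPUT -s $peer -p tcp --source-port $port -m state --state ESTABLISHED -j ACCEPT"
    done
    # Default policies go last: anything not matched by an ACCEPT above is dropped.
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT DROP"
    # Persist the rules, as the page does.
    echo "iptables-save > /etc/iptables.conf"
}

# count_accept_rules PORT PEER_IP...   (number of -A ... -j ACCEPT rules emitted)
count_accept_rules() {
    mongod_fw_rules "$@" | grep -c '^iptables -A .* -j ACCEPT$'
}

# Two-peer example with constructed private addresses.
mongod_fw_rules 27017 10.0.0.11 10.0.0.12
```

For a member that only receives connections, drop the two "Added" echo lines and the output matches the page's rules exactly.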