Configure Windows netsh Firewall for MongoDB
On Windows Server systems, the netsh program provides methods for managing the Microsoft Windows Firewall. These firewall rules enable administrators to control which hosts can connect to the system, and limit risk exposure by limiting the hosts that can connect to a system.
The Windows Firewall processes rules in an order determined by rule type. Rules are parsed in the following order:
- Windows service hardening
- Connection security
- Authenticated bypass
- Block
- Allow
- Default
By default, the policy in Windows Firewall allows all outbound connections, and blocks all incoming connections.
Note
port
configuration setting to configure different ports, modify the rules accordingly.Allow traffic from the BMC Digital Workplace and Smart IT server to and from mongod.exe instances
This pattern is applicable to all mongod.exe instances running as stand-alone instances or as part of a replica set. The goal of this pattern is to explicitly allow traffic to the mongod.exe instance from the MyIT and Smart IT server.
netsh advfirewall firewall add rule name="Open mongod port 27017" dir=in action=allow protocol=TCP localport=27017
This rule allows all incoming traffic to port 27017, which allows the BMC Digital Workplace and Smart IT server to connect to the mongod.exe instance.
Windows Firewall also allows enabling network access for an entire application rather than to a specific port, as in the following example:
netsh advfirewall firewall add rule name="Allowing mongod" dir=in action=allow program=" C:\mongodb\bin\mongod.exe"
Manage and maintain Windows Firewall configurations
This section contains a number of basic operations for managing and using netsh. While you can use the graphical interface to manage Windows Firewall, all core functionality is accessible from netsh.
Task | Command | Description |
---|---|---|
Delete all Windows Firewall rules |
| Delete the firewall rule allowing mongod.exe traffic. |
List all Windows Firewall rules | netsh advfirewall firewall show rule name=all | Return a list of all Windows Firewall rules. |
Reset Windows Firewall | netsh advfirewall reset | Reset the Windows Firewall rules. |
Back up and restore Windows Firewall rules |
| To simplify administration of a larger collection of systems, you can export or import firewall systems from different servers) rules on Windows. Replace path with the directory of your choice. |
Comments
Log in or register to comment.