diff --git a/services/firewall/rules.nft b/services/firewall/rules.nft
index ad9d646..d1a87d4 100644
--- a/services/firewall/rules.nft
+++ b/services/firewall/rules.nft
@@ -82,6 +82,10 @@ table inet firewall {
     ip saddr { $lan_net, $vpn_net } tcp dport { 53, 445 } accept
     ip6 saddr $lan_net6 tcp dport { 53, 445 } accept
 
+    # Allow MongoDB from LAN and VPN
+    ip saddr { $lan_net, $vpn_net } tcp dport 27017 accept
+    ip6 saddr { $lan_net, $vpn_net } tcp dport 27017 accept
+
     # Allow Minecraft server access from LAN and VPN
     ip saddr { $lan_net, $vpn_net } tcp dport 25565 accept
     ip saddr { $lan_net, $vpn_net } udp dport 25565 accept