{"id":12709,"date":"2025-12-20T11:47:37","date_gmt":"2025-12-20T06:17:37","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12709"},"modified":"2025-12-24T16:17:48","modified_gmt":"2025-12-24T10:47:48","slug":"what-is-firewalld-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/what-is-firewalld-on-linux-server","title":{"rendered":"What is FirewallD on Linux Server? Simple Firewall Guide"},"content":{"rendered":"\n<p><strong>FirewallD on a Linux server<\/strong> is a dynamic firewall manager that controls network traffic using zones and services instead of raw iptables rules. It provides runtime and permanent configurations, supports IPv4\/IPv6, NAT, and port forwarding, and uses nftables under the hood on modern distros\u2014making server security simpler, safer, and easier to automate.<\/p>\n\n\n\n<p>Securing your Linux server starts with understanding FirewallD on Linux server environments. Whether you run CentOS, RHEL, Rocky Linux, AlmaLinux, Fedora, or even Ubuntu (with FirewallD installed), this guide explains how FirewallD works, how to configure zones and services, and how to apply best practices that scale in production.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-firewalld-and-why-it-matters\"><strong>What is FirewallD and Why it Matters<\/strong>?<\/h2>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\"><div class=\"wp-block-media-text__content\">\n<p>FirewallD is a daemon that dynamically manages firewall rules. Instead of editing complex iptables\/nftables chains, you manage higher-level objects\u2014zones, services, ports, and sources. Most enterprise Linux distributions ship with FirewallD enabled by default, leveraging nftables for performance and flexibility.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img loading=\"lazy\" decoding=\"async\" width=\"1168\" height=\"784\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-FirewallD-and-Why-It-Matters.png\" alt=\"What Is FirewallD and Why It Matters\" class=\"wp-image-13207 size-full\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-FirewallD-and-Why-It-Matters.png 1168w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-Is-FirewallD-and-Why-It-Matters-150x101.png 150w\" sizes=\"auto, (max-width: 1168px) 100vw, 1168px\" \/><\/figure><\/div>\n\n\n\n<p>Key benefits over raw iptables include on-the-fly changes without breaking connections, standardized service definitions, easier automation, and cleaner separation between temporary (runtime) and persistent (permanent) rules.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"how-firewalld-works-zones-services-and-runtime-vs-permanent\"><strong>How FirewallD Works: Zones, Services, and Runtime vs Permanent<\/strong><\/h2>\n\n\n\n<p>FirewallD groups rules into zones, which you assign to network interfaces or source IP ranges. Each zone represents a trust level\u2014for example, drop, public, home, work, internal, and trusted. Services and ports are then allowed within zones.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Zones:<\/strong> Predefined trust levels; you map interfaces (e.g., eth0) or source subnets to them.<\/li>\n\n\n\n<li><strong>Services:<\/strong> Named definitions (like ssh, http, https) stored in XML with known ports\/protocols.<\/li>\n\n\n\n<li><strong>Ports: <\/strong>Custom ports when a service isn\u2019t available (e.g., 8080\/tcp).<\/li>\n\n\n\n<li><strong>Runtime vs permanent:<\/strong> Runtime changes apply immediately but vanish after reboot; permanent changes persist after reload or reboot.<\/li>\n<\/ul>\n\n\n\n<p>Modern systems use the nftables backend. You still interact with FirewallD via firewall-cmd, while FirewallD translates to nftables rules under the hood.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-enable-and-check-firewalld\"><strong>Install, Enable, and Check FirewallD<\/strong><\/h2>\n\n\n\n<p>Most RHEL-based systems already include FirewallD. If it\u2019s missing, install and enable it:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># RHEL\/CentOS\/AlmaLinux\/Rocky\nsudo dnf <a href=\"https:\/\/www.youstable.com\/blog\/install-firewalld-on-linux\/\">install firewalld<\/a> -y\nsudo systemctl enable --now firewalld\n\n# Fedora\nsudo dnf install firewalld -y\nsudo systemctl enable --now firewalld\n\n# Ubuntu\/Debian (optional, default is ufw)\nsudo apt-get update\nsudo apt-get install firewalld -y\nsudo systemctl enable --now firewalld\n\n# Verify status\nsudo firewall-cmd --state\nsudo firewall-cmd --get-active-zones\nsudo firewall-cmd --list-all<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-firewalld-commands-cheat-sheet\"><strong>Common FirewallD Commands (Cheat Sheet)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>List zones:<\/strong> firewall-cmd &#8211;get-zones<\/li>\n\n\n\n<li><strong>Active zones and interfaces: <\/strong>firewall-cmd &#8211;get-active-zones<\/li>\n\n\n\n<li><strong>List rules for zone: <\/strong>firewall-cmd &#8211;zone=public &#8211;list-all<\/li>\n\n\n\n<li><strong>Allow service (runtime):<\/strong> firewall-cmd &#8211;zone=public &#8211;add-service=http<\/li>\n\n\n\n<li><strong>Make it permanent:<\/strong> firewall-cmd &#8211;zone=public &#8211;add-service=http &#8211;permanent<\/li>\n\n\n\n<li><strong>Open port: <\/strong>firewall-cmd &#8211;zone=public &#8211;add-port=8080\/tcp &#8211;permanent<\/li>\n\n\n\n<li><strong>Reload permanent rules:<\/strong> firewall-cmd &#8211;reload<\/li>\n\n\n\n<li><strong>Copy runtime to permanent: <\/strong>firewall-cmd &#8211;runtime-to-permanent<\/li>\n\n\n\n<li><strong>Change default zone: <\/strong>firewall-cmd &#8211;set-default-zone=public<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"opening-ports-and-allowing-services\"><strong>Opening Ports and Allowing Services<\/strong><\/h2>\n\n\n\n<p>Prefer services when available; they\u2019re clearer and less error-prone. If a service doesn\u2019t exist, use ports.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow SSH and HTTPS permanently in the public zone\nsudo firewall-cmd --zone=public --add-service=ssh --permanent\nsudo firewall-cmd --zone=public --add-service=https --permanent\nsudo firewall-cmd --reload\n\n# Open custom port 8080\/tcp at runtime, test, then persist\nsudo firewall-cmd --zone=public --add-port=8080\/tcp\nsudo firewall-cmd --runtime-to-permanent<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"understanding-zones-with-real-scenarios\"><strong>Understanding Zones with Real Scenarios<\/strong><\/h2>\n\n\n\n<p>Map zones to how much you trust a network. Typical server setups use public for internet-facing NICs and internal for private VLANs.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Public zone (internet-facing web server):<\/strong> Allow http, https, and ssh from specific admins if possible.<\/li>\n\n\n\n<li><strong>Internal zone (backend network): <\/strong>Allow MySQL\/PostgreSQL between app and DB servers; block from the public.<\/li>\n\n\n\n<li><strong>Trusted zone (highly controlled admin segment): <\/strong>Broader access for monitoring or backups.<\/li>\n\n\n\n<li><strong>Drop zone (hostile networks):<\/strong> Silently drop all inbound except what you explicitly allow.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Bind interfaces to zones\nsudo nmcli connection modify \"eth0\" connection.zone public\nsudo nmcli connection modify \"eth1\" connection.zone internal\nsudo nmcli connection up \"eth0\"\nsudo nmcli connection up \"eth1\"\n\n# Or assign a source subnet to a zone\nsudo firewall-cmd --zone=internal --add-source=10.10.0.0\/16 --permanent\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rich-rules-granular-control\"><strong>Rich Rules: Granular Control<\/strong><\/h2>\n\n\n\n<p>When you need conditions (source IP, logging, rate limits, specific protocols), use rich rules.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow SSH only from your office IP with logging\nsudo firewall-cmd --zone=public --add-rich-rule='rule family=\"ipv4\" \\\n  source address=\"203.0.113.10\/32\" service name=\"ssh\" log prefix=\"SSH-ALLOW\" level=\"info\" accept' --permanent\n\n# Drop all SSH attempts from a hostile subnet\nsudo firewall-cmd --zone=public --add-rich-rule='rule family=\"ipv4\" \\\n  source address=\"198.51.100.0\/24\" service name=\"ssh\" drop' --permanent\n\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"masquerading-and-port-forwarding-nat\"><strong>Masquerading and Port Forwarding (NAT)<\/strong><\/h2>\n\n\n\n<p>Enable masquerading to allow outbound <a href=\"https:\/\/www.youstable.com\/blog\/fix-your-connection-is-not-private-error\/\">connections from private<\/a> networks. Use port forwarding to publish a service running on a different host or port.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Enable masquerade on the public zone\nsudo firewall-cmd --zone=public --add-masquerade --permanent\n\n# Forward external 8443\/tcp to internal 10.10.0.20:443\nsudo firewall-cmd --zone=public --add-forward-port=port=8443:proto=tcp:toaddr=10.10.0.20:toport=443 --permanent\n\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"firewalld-vs-iptables-vs-nftables\"><strong>FirewallD vs iptables vs nftables<\/strong><\/h2>\n\n\n\n<p>FirewallD is a management layer; nftables is the kernel-level packet filtering framework. iptables is legacy and still present on some systems, but modern RHEL\/Fedora family use nftables by default through FirewallD.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>FirewallD:<\/strong> High-level, dynamic, zone-based; user-friendly and automation-friendly.<\/li>\n\n\n\n<li><strong>nftables:<\/strong> Modern, efficient packet filtering; back-end for FirewallD.<\/li>\n\n\n\n<li><strong>iptables:<\/strong> Older framework; powerful but verbose and error-prone for daily ops.<\/li>\n<\/ul>\n\n\n\n<p>For most admins, FirewallD offers the best balance of simplicity and power. Advanced teams may mix direct rules, but consistency and maintainability favor FirewallD abstractions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-and-common-pitfalls\"><strong>Troubleshooting and Common Pitfalls<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Runtime vs permanent mismatch: <\/strong>Changes with no &#8211;permanent vanish after reboot. Use &#8211;permanent and firewall-cmd &#8211;reload or firewall-cmd &#8211;runtime-to-permanent.<\/li>\n\n\n\n<li><strong>Wrong zone: <\/strong>Your interface may be in a different zone than expected. Check with firewall-cmd &#8211;get-active-zones.<\/li>\n\n\n\n<li><strong>Service not found: <\/strong>Use firewall-cmd &#8211;get-services or open an explicit port.<\/li>\n\n\n\n<li><strong>SELinux conflicts: <\/strong>Allowing a port in FirewallD doesn\u2019t override SELinux. Use semanage port -a -t http_port_t -p tcp 8080 for custom ports.<\/li>\n\n\n\n<li><strong>Docker\/Podman interaction: <\/strong>Containers manipulate low-level rules. Ensure masquerading is enabled, or rely on &#8211;publish ports which set rules automatically. Consider using the docker network host policy carefully.<\/li>\n\n\n\n<li><strong>SSH lockout: <\/strong>Test rules at runtime first. Keep an emergency console or out-of-band access ready before reloading.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-best-practices-for-production-servers\"><strong>Security Best Practices for Production Servers<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Default-deny stance:<\/strong> Use restrictive zones (public\/drop) and explicitly allow only required services.<\/li>\n\n\n\n<li><strong>Limit SSH:<\/strong> Allow from known IPs via rich rules, move to non-standard ports if policy allows, and use keys plus fail2ban.<\/li>\n\n\n\n<li><strong>Separate interfaces by zones: <\/strong>Public vs internal networks should have different trust levels.<\/li>\n\n\n\n<li><strong>Log strategically:<\/strong> Use rich rules with logging for sensitive services, then ship logs to a SIEM.<\/li>\n\n\n\n<li><strong>Version control your firewall:<\/strong> Store firewall-cmd scripts or Ansible roles in Git for auditability.<\/li>\n\n\n\n<li><strong>Review regularly: <\/strong>Run firewall-cmd &#8211;list-all for each zone and remove stale ports.<\/li>\n\n\n\n<li><strong>Harden services: <\/strong>Combine FirewallD with strong TLS, up-to-date packages, and minimal exposed surface.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"automation-and-persistence\"><strong>Automation and Persistence<\/strong><\/h2>\n\n\n\n<p>Automate FirewallD with Ansible, Terraform (via scripts), or cloud-init. For golden images, bake permanent rules into AMIs or templates, then apply environment-specific overrides at boot.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Example: Hardening script for a <a href=\"https:\/\/www.youstable.com\/blog\/install-apache-web-server-in-linux\/\">web server<\/a>\n#!\/usr\/bin\/env bash\nset -e\n# Base zone\nfirewall-cmd --set-default-zone=public\n# Services\nfirewall-cmd --zone=public --add-service=ssh\nfirewall-cmd --zone=public --add-service=http\nfirewall-cmd --zone=public --add-service=https\n# Limit SSH by source\nfirewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=203.0.113.10\/32 service name=ssh accept'\n# Persist\nfirewall-cmd --runtime-to-permanent\nfirewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"where-firewalld-stores-configuration\"><strong>Where FirewallD Stores Configuration<\/strong><\/h2>\n\n\n\n<p>Services live in \/usr\/lib\/firewalld\/services\/ (defaults) and \/etc\/firewalld\/services\/ (custom). Permanent zone configs are written to \/etc\/firewalld\/zones\/. Runtime configuration exists in memory; reload writes permanent definitions into effect. This structure simplifies backups and audits.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-to-consider-managed-hosting\"><strong>When to Consider Managed Hosting<\/strong><\/h2>\n\n\n\n<p>If you prefer focusing on applications instead of firewall intricacies, managed servers help. At YouStable, our engineers provision servers with sane FirewallD defaults, restrict administrative access, and document changes\u2014so you get a secure, production-ready baseline without the guesswork.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQs:<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765643984645\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-check-if-firewalld-is-running-and-which-zone-my-interface-uses\"><strong>How do I check if FirewallD is running and which zone my interface uses?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Run firewall-cmd &#8211;state to verify it\u2019s running. To see active zones and their interfaces, use firewall-cmd &#8211;get-active-zones. For detailed rules in a zone, run firewall-cmd &#8211;zone=public &#8211;list-all (replace public with your zone).<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765644000965\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-difference-between-runtime-and-permanent-in-firewalld\"><strong>What\u2019s the difference between runtime and permanent in FirewallD?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Runtime changes apply immediately but are temporary. Permanent changes persist across reboots. Use &#8211;permanent when adding rules you want to keep, then run firewall-cmd &#8211;reload. To save all current runtime rules, run firewall-cmd &#8211;runtime-to-permanent.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765644018814\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-open-a-port-or-allow-a-service-safely\"><strong>How do I open a port or allow a service safely?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Test at runtime first, then persist. Example: firewall-cmd &#8211;zone=public &#8211;add-service=https (test), followed by firewall-cmd &#8211;zone=public &#8211;add-service=https &#8211;permanent and firewall-cmd &#8211;reload once confirmed. Prefer services over raw ports when possible.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765644037395\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"should-i-use-firewalld-or-iptables-directly\"><strong>Should I use FirewallD or iptables directly?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use FirewallD for most cases. It\u2019s simpler, safer, and integrates with nftables by default. Reserve direct nft\/iptables rules for rare edge cases. Consistency and maintainability in teams usually favor FirewallD abstractions.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765644051634\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-does-firewalld-interact-with-docker-or-podman\"><strong>How does FirewallD interact with Docker or Podman?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Containers insert low-level rules automatically for published ports. Ensure masquerading is enabled on your external zone for outbound connectivity. Avoid mixing manual low-level rules with container-managed chains unless you know the implications.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>FirewallD on a Linux server is a dynamic firewall manager that controls network traffic using zones and services instead of [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":15588,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350,1195],"tags":[],"class_list":["post-12709","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-blogging"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/What-is-FirewallD-on-Linux-Server-Simple-Firewall-Guide.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12709"}],"version-history":[{"count":9,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12709\/revisions"}],"predecessor-version":[{"id":15589,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12709\/revisions\/15589"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/15588"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12709"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}