{"id":12802,"date":"2025-12-20T12:35:31","date_gmt":"2025-12-20T07:05:31","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12802"},"modified":"2025-12-20T12:35:43","modified_gmt":"2025-12-20T07:05:43","slug":"how-to-configure-firewalld-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/how-to-configure-firewalld-on-linux","title":{"rendered":"How to Configure FirewallD on Linux Server &#8211; (Step-by-Step Guide 2026)"},"content":{"rendered":"\n<p><strong>To configure FirewallD on a Linux server<\/strong>, install and enable the service, choose a default zone, then allow required services and ports using firewall-cmd. Apply changes permanently, reload, and verify. Use zones, rich rules, and masquerading for granular control. This 2026 step-by-step guide covers RHEL, Rocky\/AlmaLinux, CentOS Stream, Fedora, Ubuntu, and Debian.<\/p>\n\n\n\n<p>In this guide, you\u2019ll learn how to configure FirewallD on a Linux server safely and effectively using firewall-cmd. We\u2019ll cover zones, services, ports, rich rules, NAT\/port forwarding, runtime vs permanent rules, and troubleshooting. Whether you manage a VPS, <a href=\"https:\/\/www.youstable.com\/blog\/secure-dedicated-server\/\">dedicated server<\/a>, or cloud VM, this tutorial is designed to be beginner-friendly and production-ready.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-firewalld-and-why-use-it-in-2026\"><strong>What is FirewallD and Why Use it in 2026?<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"2496\" height=\"1664\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-65.png\" alt=\"What Is FirewallD and Why Use It \" class=\"wp-image-12894\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-65.png 2496w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-65-150x100.png 150w\" sizes=\"auto, (max-width: 2496px) 100vw, 2496px\" \/><\/figure>\n\n\n\n<p>FirewallD is a dynamic firewall manager that uses nftables (or iptables on legacy systems) to enforce network policies without interrupting connections. It introduces zones (trust levels), named services, and rich rules, making it easier to secure servers at scale. It\u2019s the default on RHEL 8\/9, Rocky\/AlmaLinux, CentOS Stream, Fedora, and available on Ubuntu\/Debian.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-safety-checklist\"><strong>Prerequisites and Safety Checklist<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.youstable.com\/blog\/how-to-enable-ssh-access-for-clients-or-users\/\">SSH access<\/a> with sudo privileges<\/li>\n\n\n\n<li>Console\/KVM access or a second SSH session to avoid lockout<\/li>\n\n\n\n<li>Know your interface names (e.g., eth0, ens160)<\/li>\n\n\n\n<li>Cloud notes: open ports in your provider\u2019s security group as well (AWS SG, Azure NSG, GCP firewall rules)<\/li>\n\n\n\n<li>On Ubuntu, do not run UFW and FirewallD simultaneously (disable UFW if using FirewallD)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-and-enable-firewalld\"><strong>Install and Enable FirewallD<\/strong><\/h2>\n\n\n\n<p>Install and start FirewallD according to your Linux distribution.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># RHEL \/ Rocky \/ AlmaLinux \/ CentOS Stream \/ Fedora\nsudo dnf install -y firewalld\nsudo systemctl enable --now firewalld\nsudo firewall-cmd --state    # running\n\n# Ubuntu 22.04\/24.04 and Debian\nsudo apt update &amp;&amp; sudo apt install -y firewalld\nsudo systemctl enable --now firewalld\nsudo firewall-cmd --state    # running\n\n# If UFW is enabled on Ubuntu, disable it to avoid conflicts:\nsudo systemctl stop ufw &amp;&amp; sudo systemctl disable ufw<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-start-secure-defaults-in-60-seconds\"><strong>Quick Start: Secure Defaults in 60 Seconds<\/strong><\/h2>\n\n\n\n<p>Set the default zone and allow SSH so you don\u2019t lock yourself out. Then open HTTP\/HTTPS if this is a web server.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Set default zone\nsudo firewall-cmd --set-default-zone=public\n\n# Allow SSH (runtime), then make it permanent\nsudo firewall-cmd --add-service=ssh\nsudo firewall-cmd --add-service=ssh --permanent\n\n# Allow web traffic (HTTP\/HTTPS)\nsudo firewall-cmd --add-service=http --permanent\nsudo firewall-cmd --add-service=https --permanent\n\n# Apply persistent rules\nsudo firewall-cmd --reload\n\n# Verify\nsudo firewall-cmd --list-all<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"understanding-firewalld-zones\"><strong>Understanding FirewallD Zones<\/strong><\/h2>\n\n\n\n<p>Zones represent trust levels. Common zones include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>drop: Drop all incoming; only outgoing allowed<\/li>\n\n\n\n<li>block: Reject in, outgoing allowed<\/li>\n\n\n\n<li>public: Untrusted networks (default for servers)<\/li>\n\n\n\n<li>external: For NAT with masquerading<\/li>\n\n\n\n<li>internal: Trusted LAN behind your server<\/li>\n\n\n\n<li>trusted: Accept all (use carefully)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"view-and-set-the-default-zone\"><strong>View and Set the Default Zone<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --get-default-zone\nsudo firewall-cmd --set-default-zone=public\nsudo firewall-cmd --get-zones\nsudo firewall-cmd --get-active-zones<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"assign-interfaces-and-sources-to-zones\"><strong>Assign Interfaces and Sources to Zones<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Assign interface to a zone (permanent)\nsudo firewall-cmd --zone=public --change-interface=eth0 --permanent\n\n# Put a subnet into trusted zone (e.g., office IP range)\nsudo firewall-cmd --zone=trusted --add-source=203.0.113.0\/24 --permanent\n\nsudo firewall-cmd --reload\nsudo firewall-cmd --get-active-zones<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"allow-services-and-ports\"><strong>Allow Services and Ports<\/strong><\/h2>\n\n\n\n<p>FirewallD uses named services (service files define ports\/protocols). Prefer services over raw ports for clarity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"allow-services\"><strong>Allow Services<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Common services\nsudo firewall-cmd --zone=public --add-service=ssh --permanent\nsudo firewall-cmd --zone=public --add-service=http --permanent\nsudo firewall-cmd --zone=public --add-service=https --permanent\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"open-specific-ports\"><strong>Open Specific Ports<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Single TCP port\nsudo firewall-cmd --zone=public --add-port=8080\/tcp --permanent\n\n# Port range and UDP\nsudo firewall-cmd --zone=public --add-port=6000-6010\/tcp --permanent\nsudo firewall-cmd --zone=public --add-port=1194\/udp --permanent\n\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"create-a-custom-service\"><strong>Create a Custom Service<\/strong><\/h3>\n\n\n\n<p><strong>Define your application once and reference it by name.<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/firewalld\/services\/myapp.xml\n&lt;?xml version=\"1.0\" encoding=\"utf-8\"?&gt;\n&lt;service&gt;\n  &lt;short&gt;myapp&lt;\/short&gt;\n  &lt;description&gt;Custom app on port 9000\/tcp&lt;\/description&gt;\n  &lt;port protocol=\"tcp\" port=\"9000\"\/&gt;\n&lt;\/service&gt;\n\n# Load and allow it\nsudo firewall-cmd --reload\nsudo firewall-cmd --zone=public --add-service=myapp --permanent\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"remove-rules-cleanly\"><strong>Remove Rules Cleanly<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --zone=public --remove-service=http --permanent\nsudo firewall-cmd --zone=public --remove-port=8080\/tcp --permanent\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"runtime-vs-permanent-configuration\"><strong>Runtime vs Permanent Configuration<\/strong><\/h2>\n\n\n\n<p>FirewallD keeps separate runtime and permanent configs. Runtime changes are immediate but lost on reboot. Permanent changes persist after reload or reboot.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"key-commands\"><strong>Key Commands<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Make current runtime rules persistent\nsudo firewall-cmd --runtime-to-permanent\n\n# Apply permanent rules to runtime\nsudo firewall-cmd --reload\n\n# See what\u2019s active\nsudo firewall-cmd --list-all\nsudo firewall-cmd --list-all --zone=public<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rich-rules-masquerading-and-port-forwarding\"><strong>Rich Rules, Masquerading, and Port Forwarding<\/strong><\/h2>\n\n\n\n<p>Rich rules enable granular logic (source, destination, logging, rate limits) and NAT features like masquerading and port forwarding.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"allow-a-service-from-a-single-ip\"><strong>Allow a Service From a Single IP<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" \\\n  source address=\"198.51.100.10\" service name=\"ssh\" accept' --permanent\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"rate-limit-and-log-access\"><strong>Rate-Limit and Log Access<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Log and limit SSH accepts to 10 per minute\nsudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" service name=\"ssh\" \\\n  log prefix=\"FW-SSH \" level=\"notice\" limit value=\"2\/m\" accept' --permanent\nsudo firewall-cmd --reload\n\n# Global log of denied packets (optional)\nsudo sed -i 's\/^#*LogDenied=.*\/LogDenied=all\/' \/etc\/firewalld\/firewalld.conf\nsudo systemctl reload firewalld<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nat-masquerading-and-port-forwarding\"><strong>NAT: Masquerading and Port Forwarding<\/strong><\/h3>\n\n\n\n<p>Use the external zone for internet-facing NICs when NATing. Ensure IP forwarding is enabled.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Enable IP forwarding (runtime and persistent)\necho 'net.ipv4.ip_forward=1' | sudo tee \/etc\/sysctl.d\/99-firewalld.conf\nsudo sysctl -p \/etc\/sysctl.d\/99-firewalld.conf\n\n# Enable masquerade (NAT) on public zone\nsudo firewall-cmd --zone=public --add-masquerade --permanent\n\n# Forward external port 80 to local 8080\nsudo firewall-cmd --zone=public \\\n  --add-forward-port=port=80:proto=tcp:toport=8080 --permanent\n\n# Forward external 2222 to internal host 10.0.0.10:22\nsudo firewall-cmd --zone=public \\\n  --add-forward-port=port=2222:proto=tcp:toaddr=10.0.0.10:toport=22 --permanent\n\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"monitoring-testing-and-troubleshooting\"><strong>Monitoring, Testing, and Troubleshooting<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"inspect-active-rules\"><strong>Inspect Active Rules<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --list-all\nsudo firewall-cmd --list-all --zone=public\nsudo firewall-cmd --list-services\nsudo firewall-cmd --list-ports<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"test-connectivity\"><strong>Test Connectivity<\/strong><\/h3>\n\n\n\n<p>From a remote machine, validate open ports with curl or nmap. If using a cloud VM, confirm the cloud firewall allows the same ports.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -I http:\/\/your.server.ip\nnmap -Pn -p 22,80,443 your.server.ip<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-issues-and-fixes\"><strong>Common Issues and Fixes<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Locked out of SSH: <\/strong>Use console\/KVM, allow SSH service, or place your admin IP in the trusted zone.<\/li>\n\n\n\n<li><strong>UFW conflict on Ubuntu: <\/strong>disable UFW if FirewallD is in use.<\/li>\n\n\n\n<li><strong>Service doesn\u2019t open: <\/strong>check the correct zone, cloud security groups, and whether the app listens on the right interface.<\/li>\n\n\n\n<li><strong>Unexpected drops: <\/strong>review LogDenied and journal logs: journalctl -u firewalld -f.<\/li>\n\n\n\n<li><strong>Emergency lockdown: <\/strong>firewall-cmd &#8211;panic-on (blocks all in\/out). Disable with &#8211;panic-off when ready.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"hardening-tips-for-2026\"><strong>Hardening Tips for 2026<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Principle of least privilege: <\/strong>only open what you need; prefer allowlists by IP for admin ports.<\/li>\n\n\n\n<li>Use public zone for internet, internal for private networks, and avoid trusted except for special cases.<\/li>\n\n\n\n<li>Log strategically and rate-limit sensitive services (SSH, RDP over tunnel).<\/li>\n\n\n\n<li>Automate with Ansible or cloud-init to keep rules consistent across servers.<\/li>\n\n\n\n<li><strong>Back up configs: <\/strong>tar \/etc\/firewalld before maintenance; use version control for custom service XML.<\/li>\n\n\n\n<li>Align OS firewall with provider-level firewalls for defense-in-depth.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"end-to-end-example-web-plus-ssh-plus-private-admin\"><strong>End-to-End Example: Web + SSH + Private Admin<\/strong><\/h2>\n\n\n\n<p><strong>This example allows public web traffic, restricts SSH to your office IP, and assigns the main NIC to public.<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Set public as default and assign interface\nsudo firewall-cmd --set-default-zone=public\nsudo firewall-cmd --zone=public --change-interface=eth0 --permanent\n\n# Public web\nsudo firewall-cmd --zone=public --add-service=http --permanent\nsudo firewall-cmd --zone=public --add-service=https --permanent\n\n# Restrict SSH to office IP\nsudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" \\\n  source address=\"203.0.113.50\/32\" service name=\"ssh\" accept' --permanent\n\n# Deny other SSH implicitly (no generic ssh allow in public)\nsudo firewall-cmd --reload\nsudo firewall-cmd --list-all --zone=public<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-firewalld-on-linux-server\"><strong>FAQs: FirewallD on Linux Server<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765606073114\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-difference-between-runtime-and-permanent-in-firewalld\"><strong>What\u2019s the difference between runtime and permanent in FirewallD?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Runtime rules take effect immediately but disappear after a restart. Permanent rules live in \/etc\/firewalld and apply after a reload or reboot. Use &#8211;permanent to write persistent rules, then run firewall-cmd &#8211;reload. To save your current runtime config as permanent, use firewall-cmd &#8211;runtime-to-permanent.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765606081827\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-open-a-port-in-firewalld\"><strong>How do I open a port in FirewallD?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use either a named service or a port rule. For example: firewall-cmd &#8211;zone=public &#8211;add-service=http &#8211;permanent or firewall-cmd &#8211;zone=public &#8211;add-port=8080\/tcp &#8211;permanent, then firewall-cmd &#8211;reload. Verify with firewall-cmd &#8211;list-all and test from a remote host.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765606089077\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"which-linux-distributions-use-firewalld-by-default-in-2026\"><strong>Which Linux distributions use FirewallD by default in 2026?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>RHEL 8\/9, Rocky Linux, AlmaLinux, CentOS Stream, and Fedora use FirewallD by default. On Ubuntu 22.04\/24.04 and Debian, FirewallD is available via apt but UFW may be the default; disable UFW if you switch to FirewallD.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765606098783\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-can-i-allow-only-a-specific-ip-to-access-a-port\"><strong>How can I allow only a specific IP to access a port?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Create a rich rule that accepts traffic from that IP for the target service or port. Example: firewall-cmd &#8211;add-rich-rule=&#8217;rule family=&#8221;ipv4&#8243; source address=&#8221;198.51.100.10&#8243; port port=&#8221;3306&#8243; protocol=&#8221;tcp&#8221; accept&#8217; &#8211;permanent; then reload. Avoid generic allows that bypass this limit.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765606107676\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"does-firewalld-replace-iptables-or-nftables\"><strong>Does FirewallD replace iptables or nftables?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>FirewallD is a high-level manager that programs packet filters. On modern distributions it uses nftables as the backend; on older systems it may use iptables. You gain consistent commands (firewall-cmd) without manually writing nftables\/iptables rules.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To configure FirewallD on a Linux server, install and enable the service, choose a default zone, then allow required services [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":15630,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"iawp_total_views":16,"footnotes":""},"categories":[350],"tags":[],"class_list":["post-12802","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Configure-FirewallD-on-Linux-Server.jpg","author_info":{"display_name":"Prahlad Prajapati","author_link":"https:\/\/www.youstable.com\/blog\/author\/prahladblog"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12802","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12802"}],"version-history":[{"count":6,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12802\/revisions"}],"predecessor-version":[{"id":15631,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12802\/revisions\/15631"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/15630"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12802"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}