{"id":13734,"date":"2026-01-07T10:23:26","date_gmt":"2026-01-07T04:53:26","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=13734"},"modified":"2026-01-07T10:23:29","modified_gmt":"2026-01-07T04:53:29","slug":"how-to-optimize-ufw-on-linux-server","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/how-to-optimize-ufw-on-linux-server","title":{"rendered":"How to Optimize UFW on Linux Server in 2026 &#8211; Easy Guide"},"content":{"rendered":"\n<p><strong>To optimize UFW on a Linux server,<\/strong> define strict defaults (deny incoming, allow outgoing), allow only necessary services, enable IPv6, apply rate limiting for SSH, add rule comments, and maintain concise, ordered rules. Enhance logging judiciously, audit regularly, and handle advanced needs (Docker, port forwarding, IP sets) via UFW\u2019s before\/after rules for secure and performant control.<\/p>\n\n\n\n<p>Optimizing UFW (Uncomplicated Firewall) on a Linux server ensures your services are reachable, your surface area is minimal, and your firewall stays maintainable as your stack grows. This guide explains exactly how to optimize UFW on Linux Server step-by-step, with real-world best practices I use in hosting environments and production workloads.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"why-optimize-ufw-on-linux\"><strong>Why Optimize UFW on Linux?<\/strong><\/h2>\n\n\n\n<p>UFW is a friendly interface to Linux\u2019s netfilter (iptables\/nftables). By optimizing it, you reduce misconfigurations, lower attack surface, maintain performance, and make audits easy. The result: faster incident response and fewer open doors.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-start-secure-defaults-and-essential-rules\"><strong>Quick-Start: Secure Defaults and Essential Rules<\/strong><\/h2>\n\n\n\n<p>Start with secure defaults and the minimum set of allow rules. Always <a href=\"https:\/\/www.youstable.com\/blog\/how-to-enable-ssh-access-for-clients-or-users\/\">enable UFW only after confirming SSH access<\/a> is permitted, especially on cloud\/VPS servers.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># 1) <a href=\"https:\/\/www.youstable.com\/blog\/install-selinux-on-linux\/\">Install and check status<\/a>\nsudo apt update &amp;&amp; sudo apt <a href=\"https:\/\/www.youstable.com\/blog\/install-ufw-on-linux\/\">install ufw<\/a> -y\nsudo ufw status verbose\n\n# 2) Enable IPv6 if your server supports it\n# Edit \/etc\/ufw\/ufw.conf and set:\n# IPV6=yes\nsudo sudo sed -i 's\/^IPV6=.*\/IPV6=yes\/' \/etc\/ufw\/ufw.conf\n\n# 3) Default policies: deny inbound, allow outbound\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\n\n# 4) Allow SSH securely (port 22 or your custom port)\nsudo ufw allow 22\/tcp comment \"Allow SSH\"\n\n# 5) Enable UFW\nsudo ufw enable\n\n# 6) Verify\nsudo ufw status numbered\n<\/code><\/pre>\n\n\n\n<p>If you use a non-standard SSH port, replace <code>22\/tcp<\/code> accordingly. Test SSH in a second session before closing your current one to avoid lockout.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ufw-best-practices-that-actually-matter\"><strong>UFW Best Practices (That Actually Matter)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-keep-rules-minimal-specific-and-commented\"><strong>1) Keep Rules Minimal, Specific, and Commented<\/strong><\/h3>\n\n\n\n<p>Concise rules are faster to read, easier to audit, and less error-prone.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use explicit ports and protocols (e.g., <code>443\/tcp<\/code>).<\/li>\n\n\n\n<li>Prefer subnets over many single IPs where appropriate.<\/li>\n\n\n\n<li>Comment every rule to capture intent.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Web server example\nsudo ufw allow 80\/tcp comment \"Allow HTTP\"\nsudo ufw allow 443\/tcp comment \"Allow HTTPS\"\n\n# Restrict admin panels to your office IP\nsudo ufw allow from 203.0.113.10 to any port 8443 proto tcp comment \"Admin panel (office)\"\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-use-application-profiles\"><strong>2) Use Application Profiles<\/strong><\/h3>\n\n\n\n<p>UFW ships with app profiles in <code>\/etc\/ufw\/applications.d<\/code>. This keeps service rules reusable and readable.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Discover available profiles\nsudo ufw app list\n\n# View a profile\u2019s details\nsudo ufw app info \"OpenSSH\"\n\n# Allow by profile\nsudo ufw allow \"Nginx Full\" comment \"Web stack\"\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-enable-ipv6-everywhere\"><strong>3) Enable IPv6 Everywhere<\/strong><\/h3>\n\n\n\n<p>If your server has AAAA records or IPv6 connectivity, mirror IPv4 rules for IPv6. Set <code>IPV6=yes<\/code> in <code>\/etc\/ufw\/ufw.conf<\/code>, then reload:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo ufw reload\nsudo ufw status verbose\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-rate-limit-attack-surfaces-ssh-apis\"><strong>4) Rate-Limit Attack Surfaces (SSH, APIs)<\/strong><\/h3>\n\n\n\n<p>UFW can throttle repeated connection attempts. Use it on <a href=\"https:\/\/www.youstable.com\/blog\/what-is-fail2ban-on-linux-server\/\">SSH and sensitive endpoints to slow brute-force attacks<\/a>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Applies a simple rate limit (per IP)\nsudo ufw limit 22\/tcp comment \"Limit SSH brute force\"\n# Example API rate limit\nsudo ufw limit 8443\/tcp comment \"Limit admin API\"\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"5-choose-appropriate-logging-level\"><strong>5) Choose Appropriate Logging Level<\/strong><\/h3>\n\n\n\n<p>Logging helps audits, but too much logging hurts performance and fills disks. Use <code>low<\/code> or <code>medium<\/code> in production unless investigating.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Off, low, medium, high, full\nsudo ufw logging medium\n# Logs typically appear in \/var\/log\/ufw.log\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"6-order-and-clean-rules-regularly\"><strong>6) Order and Clean Rules Regularly<\/strong><\/h3>\n\n\n\n<p>UFW evaluates rules in order. Audit and remove stale rules to avoid conflicts.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Show rules with numbers\nsudo ufw status numbered\n\n# Delete rule by number (example)\nsudo ufw delete 3\n\n# Disable\/Enable to force reapply (careful on remote servers)\nsudo ufw disable\nsudo ufw enable\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"security-baseline-proven-ufw-configuration\"><strong>Security Baseline: Proven UFW Configuration<\/strong><\/h2>\n\n\n\n<p>Use this baseline as a starting point for most <a href=\"https:\/\/www.youstable.com\/blog\/what-is-nginx-on-linux-server\/\">web servers<\/a>. Adjust ports, IPs, and comments to your environment.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Secure defaults\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\n\n# Core access\nsudo ufw allow 22\/tcp comment \"SSH\"\nsudo ufw limit 22\/tcp comment \"Limit SSH brute force\"\n\n# Web stack\nsudo ufw allow 80\/tcp comment \"HTTP\"\nsudo ufw allow 443\/tcp comment \"HTTPS\"\n\n# Database (local only)\nsudo ufw deny 3306\/tcp comment \"Block MySQL external\"\nsudo ufw allow from 127.0.0.1 to any port 3306 proto tcp comment \"MySQL local\"\n\n# Optional: Admin panel restricted to trusted IP\nsudo ufw allow from 203.0.113.10 to any port 8443 proto tcp comment \"Admin panel\"\n\n# Review &amp; enable\nsudo ufw status numbered\nsudo ufw enable\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"advanced-optimization-for-real-world-stacks\"><strong>Advanced Optimization for Real-World Stacks<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"docker-and-ufw\"><strong>Docker and UFW<\/strong><\/h3>\n\n\n\n<p>Docker manipulates iptables rules directly, which can surprise UFW users. Recommended approach:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep UFW managing external exposure (host ports you publish).<\/li>\n\n\n\n<li>Use Docker\u2019s <code>--publish<\/code> carefully and restrict with UFW \u201callow from\u201d rules.<\/li>\n\n\n\n<li>For strict control, use the DOCKER-USER chain or add vetted rules to UFW\u2019s <code>before.rules<\/code>.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Example: only allow HTTP to a containerized service from a specific subnet\nsudo ufw allow from 198.51.100.0\/24 to any port 80 proto tcp comment \"Subnet access to containerized HTTP\"\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"port-forwarding-and-nat-with-ufw\"><strong>Port Forwarding and NAT with UFW<\/strong><\/h3>\n\n\n\n<p>For reverse proxies or edge servers, you might forward ports. Edit <code>\/etc\/ufw\/sysctl.conf<\/code> to enable forwarding and add NAT rules in <code>\/etc\/ufw\/before.rules<\/code>. Example: forward 80 to 8080.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/etc\/ufw\/sysctl.conf\nnet\/ipv4\/ip_forward=1\nnet\/ipv6\/conf\/default\/forwarding=1\nnet\/ipv6\/conf\/all\/forwarding=1\n\n# \/etc\/ufw\/before.rules (add near the top, after *filter comments)\n*nat\n:PREROUTING ACCEPT &#91;0:0]\n:POSTROUTING ACCEPT &#91;0:0]\n-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080\nCOMMIT\n\n# Apply changes\nsudo ufw disable &amp;&amp; sudo ufw enable\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"blocking-large-ip-lists-efficiently-ipset\"><strong>Blocking Large IP Lists Efficiently (ipset)<\/strong><\/h3>\n\n\n\n<p>UFW doesn\u2019t natively manage ipsets, but you can combine them via <code>before.rules<\/code> for performance when blocking many IPs.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Create an ipset of abusive IPs (example)\nsudo ipset create blackhole hash:ip\nsudo ipset add blackhole 203.0.113.55\nsudo ipset add blackhole 198.51.100.23\n\n# Reference it in UFW's raw rules\n# \/etc\/ufw\/before.rules (filter table)\n*filter\n:ufw-before-input - &#91;0:0]\n-A ufw-before-input -m set --match-set blackhole src -j DROP\nCOMMIT\n\n# Reload UFW\nsudo ufw reload\n<\/code><\/pre>\n\n\n\n<p>Use ipsets for large or dynamic lists (e.g., threat feeds), keeping UFW\u2019s high-level rules clean and fast.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"integrating-fail2ban-with-ufw\"><strong>Integrating Fail2ban with UFW<\/strong><\/h3>\n\n\n\n<p>Fail2ban can ban abusive IPs by injecting UFW rules. In <code>\/etc\/fail2ban\/jail.local<\/code>, set <code>banaction = ufw<\/code> for applicable jails. This provides automated, temporary blocks that complement UFW\u2019s static policy.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"performance-tips-keep-ufw-fast\"><strong>Performance Tips: Keep UFW Fast<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Prefer CIDR ranges and application profiles over dozens of near-duplicate rules.<\/li>\n\n\n\n<li>Consolidate port ranges (e.g., <code>10000:10100\/tcp<\/code>) for clusters of services.<\/li>\n\n\n\n<li>Use ipset for large block\/allow lists.<\/li>\n\n\n\n<li>Choose sensible logging (avoid high\/full unless necessary).<\/li>\n\n\n\n<li>Periodically export and audit: <code>ufw status numbered &gt; ufw-audit.txt<\/code>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"verification-and-auditing\"><strong>Verification and Auditing<\/strong><\/h2>\n\n\n\n<p>Always verify that the firewall does what you expect before and after changes\u2014especially on remote servers.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Connectivity: test with <code>ssh<\/code>, <code>curl<\/code>, or a secondary session.<\/li>\n\n\n\n<li>Port scanning from a safe source: <code>nmap -Pn &lt;server-ip&gt;<\/code>.<\/li>\n\n\n\n<li>Status review: <code>sudo ufw status verbose<\/code> and <code>sudo ufw status numbered<\/code>.<\/li>\n\n\n\n<li>Logs: tail <code>\/var\/log\/ufw.log<\/code> during tests for denials.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-ufw-tasks-copy-paste-ready\"><strong>Common UFW Tasks (Copy-Paste Ready)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"allow-deny-and-delete-rules\"><strong>Allow, Deny, and Delete Rules<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow a single port\nsudo ufw allow 25\/tcp comment \"SMTP\"\n\n# Allow a port range\nsudo ufw allow 10000:10100\/tcp comment \"App range\"\n\n# Restrict to a subnet\nsudo ufw allow from 10.0.0.0\/24 to any port 22 proto tcp comment \"SSH from VPN subnet\"\n\n# Deny a port\nsudo ufw deny 21\/tcp comment \"Block FTP\"\n\n# Delete by rule number\nsudo ufw status numbered\nsudo ufw delete &lt;number&gt;\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"backup-and-restore-ufw\"><strong>Backup and Restore UFW<\/strong><\/h3>\n\n\n\n<p>UFW rules live in files under <code>\/etc\/ufw<\/code>. You can back up the configuration and restore it if needed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Backup rules and config\nsudo tar czf ufw-backup-$(date +%F).tar.gz \/etc\/ufw\n\n# Restore\nsudo tar xzf ufw-backup-YYYY-MM-DD.tar.gz -C \/\nsudo ufw disable &amp;&amp; sudo ufw enable\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-tips\"><strong>Troubleshooting Tips<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Locked out of SSH? Use the provider console (VNC\/serial) to allow SSH, then re-enable UFW.<\/li>\n\n\n\n<li>No IPv6 filtering? Ensure <code>IPV6=yes<\/code> and mirror IPv4 rules.<\/li>\n\n\n\n<li>Unexpected exposure with Docker? Review published ports and consider DOCKER-USER\/before.rules hardening.<\/li>\n\n\n\n<li>High CPU from logging? Lower logging level and rotate logs.<\/li>\n\n\n\n<li>Broken NAT\/forwarding? Verify sysctl forwarding and before.rules syntax, then re-enable UFW.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"conclusion\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.youstable.com\/blog\/optimize-redis-on-linux\/\">Optimizing UFW on a Linux server<\/a> is about smart defaults, minimal exposure, and disciplined maintenance. Define strict policies, enable IPv6, rate-limit attack surfaces, keep rules tidy, and use advanced techniques (ipset, NAT, Docker hardening) when needed. With this approach, your firewall stays simple, fast, and resilient as your infrastructure scales.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs\"><strong>FAQ&#8217;s<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765872435643\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"1-is-ufw-better-than-iptables-or-firewalld\">1. <strong>Is UFW better than iptables or firewalld?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>UFW is a user-friendly front end to netfilter (iptables\/nftables). It\u2019s ideal for single servers and small fleets. Firewalld offers zones and is popular on RHEL\/CentOS. Raw iptables\/nftables provide the most control. Choose UFW for simplicity, firewalld for zone-based workflows, and raw rules for complex, large-scale scenarios.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765872445337\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"2-does-ufw-affect-server-performance\">2. <strong>Does UFW affect server performance?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>With a modest number of rules, the performance impact is negligible. Issues appear when managing very large IP lists or heavy logging. Keep rules minimal, use ipset for bulk blocks, and set logging to low\/medium for optimal performance.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765872450720\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"3-how-do-i-whitelist-a-single-ip-for-ssh-in-ufw\">3. <strong>How do I whitelist a single IP for SSH in UFW?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use a source-specific rule and optionally block other SSH access. Example: <code>sudo ufw allow from 203.0.113.10 to any port 22 proto tcp comment \"SSH from office\"<\/code>. Then ensure you haven\u2019t left a broad <code>allow 22\/tcp<\/code> that defeats the restriction.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765872462653\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"4-how-do-i-enable-and-secure-ipv6-with-ufw\">4. <strong>How do I enable and secure IPv6 with UFW?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Set <code>IPV6=yes<\/code> in <code>\/etc\/ufw\/ufw.conf<\/code>, reload UFW, and mirror your IPv4 rules. Confirm with <code>ufw status verbose<\/code> and test from an IPv6-capable client to ensure services are reachable and filtered correctly.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765872471237\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"5-can-ufw-protect-containerized-workloads\">5. <strong>Can UFW protect containerized workloads?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes\u2014UFW can restrict which external sources reach published container ports. For deeper control, complement UFW with rules in the DOCKER-USER chain or UFW\u2019s <code>before.rules<\/code>, and avoid unnecessary <code>--publish<\/code> ports. Keep host exposure minimal and validate with <code>nmap<\/code>.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>To optimize UFW on a Linux server, define strict defaults (deny incoming, allow outgoing), allow only necessary services, enable IPv6, [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":17204,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"iawp_total_views":4,"footnotes":""},"categories":[350],"tags":[],"class_list":["post-13734","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Optimize-UFW-on-Linux-Server.jpg","author_info":{"display_name":"Prahlad Prajapati","author_link":"https:\/\/www.youstable.com\/blog\/author\/prahladblog"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=13734"}],"version-history":[{"count":5,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13734\/revisions"}],"predecessor-version":[{"id":17206,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/13734\/revisions\/17206"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/17204"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=13734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=13734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=13734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}