{"id":14196,"date":"2025-12-27T12:04:47","date_gmt":"2025-12-27T06:34:47","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=14196"},"modified":"2025-12-27T12:04:49","modified_gmt":"2025-12-27T06:34:49","slug":"create-firewalld-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/create-firewalld-on-linux","title":{"rendered":"How to Create FirewallD on Linux Server in 2026? &#8211; (Step by Step Guide)"},"content":{"rendered":"\n<p><strong>To create FirewallD on a Linux server<\/strong>, install the firewalld package, enable and start the service, choose an appropriate default zone, and allow only required services\/ports. <\/p>\n\n\n\n<p>Use firewall cmd to manage runtime and permanent rules, then reload and verify your configuration to lock down network access while keeping critical applications reachable. In this guide, you\u2019ll learn exactly <strong>how to create, install, and configure FirewallD<\/strong> on a Linux server.<\/p>\n\n\n\n<p>We\u2019ll cover installation for major distributions, core concepts like zones and services, practical commands for opening ports, rich rules for fine grained control, NAT\/port forwarding, and security best practices everything you need to run a production grade <strong><a href=\"https:\/\/www.youstable.com\/blog\/configure-csf-firewall-on-linux\/\">Linux firewall<\/a> <\/strong>confidently.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-firewalld-and-why-use-it\"><strong>What is FirewallD and Why Use it?<\/strong><\/h2>\n\n\n\n<p><strong>FirewallD is a dynamic firewall manager<\/strong> for Linux that uses nftables (or iptables on older systems) to control network traffic.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"533\" src=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-109.png\" alt=\"Create FirewallD on Linux\" class=\"wp-image-14549\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-109.png 800w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/image-109-150x100.png 150w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>It provides zones, service definitions, and runtime vs permanent states, making firewall changes seamless without dropping active connections. It\u2019s the default on RHEL, CentOS, AlmaLinux, Rocky Linux, and Fedora, and available on Ubuntu\/Debian.<\/p>\n\n\n\n<p><strong>Key advantages:-<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Dynamic updates without restarting or interrupting connections<\/li>\n\n\n\n<li>Human-friendly abstractions: zones and predefined services<\/li>\n\n\n\n<li>Rich rules for granular control (sources, logging, rate limits)<\/li>\n\n\n\n<li>First-class IPv4\/IPv6 support and NAT\/masquerading<\/li>\n\n\n\n<li>Native integration with NetworkManager on many distros<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites-and-supported-distros\"><strong>Prerequisites and Supported Distros<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Linux server (RHEL, CentOS, AlmaLinux, Rocky Linux, Fedora, Ubuntu, Debian, openSUSE)<\/li>\n\n\n\n<li>Root or sudo access<\/li>\n\n\n\n<li>Package manager access (dnf\/yum, apt, or zypper)<\/li>\n\n\n\n<li>OpenSSH access and console access (in case you lock yourself out)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"install-and-enable-firewalld\"><strong>Install and Enable FirewallD<\/strong><\/h2>\n\n\n\n<p>Choose your distribution and run the relevant commands below.<\/p>\n\n\n\n<p><strong>RHEL \/ CentOS \/ AlmaLinux \/ Rocky Linux \/ Fedora:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo dnf <a href=\"https:\/\/www.youstable.com\/blog\/install-firewalld-on-linux\/\">install -y firewalld<\/a>\nsudo systemctl enable --now firewalld\nsudo firewall-cmd --state\n<\/code><\/pre>\n\n\n\n<p><strong>Ubuntu \/ Debian (consider disabling UFW if it\u2019s enabled):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install -y firewalld\nsudo systemctl enable --now firewalld\nsudo ufw disable  # optional: avoid conflicts\nsudo firewall-cmd --state\n<\/code><\/pre>\n\n\n\n<p><strong>openSUSE:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo zypper install -y firewalld\nsudo systemctl enable --now firewalld\nsudo firewall-cmd --state\n<\/code><\/pre>\n\n\n\n<p>If you\u2019re migrating from iptables, note that modern FirewallD uses the nftables backend:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --get-backend  # expected: nftables\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"core-concepts-zones-services-and-states\"><strong>Core Concepts: Zones, Services, and States<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"zones\"><strong>Zones<\/strong><\/h3>\n\n\n\n<p>Zones are trust levels (e.g., public, home, work, internal, dmz, drop). Each network interface or source IP can be bound to a zone. The active zone controls what traffic is allowed.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo firewall-cmd --get-default-zone\nsudo firewall-cmd --get-active-zones\nsudo firewall-cmd --zone=public --list-all\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"services\"><strong>Services<\/strong><\/h3>\n\n\n\n<p>Services are named rule bundles (e.g., ssh, http, https, mysql) defined in XML. They open the correct port\/protocol combo without you remembering <a href=\"https:\/\/www.youstable.com\/blog\/webmail-port-numbers\/\">port numbers<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"runtime-vs-permanent\"><strong>Runtime vs Permanent<\/strong><\/h3>\n\n\n\n<p>Runtime changes apply immediately and reset on restart; permanent changes persist after reload\/reboot. Use both to test safely: apply runtime first, confirm access, then make it permanent and reload.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"quick-start-secure-access-and-keep-ssh-alive\"><strong>Quick Start: Secure Access and Keep SSH Alive<\/strong><\/h2>\n\n\n\n<p>Lock in a safe baseline: ensure <a href=\"https:\/\/www.youstable.com\/blog\/how-to-enable-ssh-access-for-clients-or-users\/\">SSH stays open and enable<\/a> common web services.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ensure SSH is allowed in your default (or public) zone:\nsudo firewall-cmd --add-service=ssh\nsudo firewall-cmd --runtime-to-permanent\nsudo firewall-cmd --reload\n\n# Allow HTTP and HTTPS permanently:\nsudo firewall-cmd --add-service=http --permanent\nsudo firewall-cmd --add-service=https --permanent\nsudo firewall-cmd --reload\n\n# Verify:\nsudo firewall-cmd --list-services\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"common-firewalld-tasks-with-examples\"><strong>Common FirewallD Tasks (With Examples)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"open-or-close-specific-ports\"><strong>Open or Close Specific Ports<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Open TCP 8080 in the public zone:\nsudo firewall-cmd --zone=public --add-port=8080\/tcp --permanent\nsudo firewall-cmd --reload\n\n# Remove it:\nsudo firewall-cmd --zone=public --remove-port=8080\/tcp --permanent\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"add-or-remove-services\"><strong>Add or Remove Services<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow MySQL server port via service:\nsudo firewall-cmd --add-service=mysql --permanent\nsudo firewall-cmd --reload\n\n# Or remove a service:\nsudo firewall-cmd --remove-service=mysql --permanent\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"change-default-zone-and-bind-interfaces\"><strong>Change Default Zone and Bind Interfaces<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Set default zone:\nsudo firewall-cmd --set-default-zone=public\n\n# Attach interface to a zone:\nsudo firewall-cmd --zone=internal --change-interface=eth0\nsudo firewall-cmd --zone=internal --list-all\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"create-rich-rules-granular-policies\"><strong>Create Rich Rules (Granular Policies)<\/strong><\/h3>\n\n\n\n<p>Rich rules add source\/destination filters, logging, time limits, and more.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Block a single IP:\nsudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"203.0.113.10\" reject' --permanent\n\n# Allow SSH from a trusted subnet only:\nsudo firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"192.0.2.0\/24\" service name=\"ssh\" accept' --permanent\n\n# Rate-limit SSH accepts (example: 3 per minute):\nsudo firewall-cmd --add-rich-rule='rule service name=\"ssh\" limit value=\"3\/m\" accept' --permanent\n\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"nat-masquerading-and-port-forwarding\"><strong>NAT, Masquerading, and Port Forwarding<\/strong><\/h3>\n\n\n\n<p>Enable masquerading when forwarding traffic between networks (common on gateways) or when forwarding to another host.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Enable masquerade for the zone that faces the internet:\nsudo firewall-cmd --zone=public --add-masquerade --permanent\n\n# Forward incoming TCP\/80 to local 8080 (same host):\nsudo firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent\n\n# Forward TCP\/8443 to another server:\nsudo firewall-cmd --zone=public --add-forward-port=port=8443:proto=tcp:toaddr=10.10.0.50:toport=443 --permanent\n\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"panic-mode-and-logging\"><strong>Panic Mode and Logging<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Temporarily drop all traffic (use carefully, may cut SSH):\nsudo firewall-cmd --panic-on\nsudo firewall-cmd --panic-off\n\n# Log denied packets:\nsudo firewall-cmd --set-log-denied=all\n# View logs:\njournalctl -xe | grep -i \"denied\"\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"create-a-custom-service-recommended-for-apps\"><strong>Create a Custom Service (Recommended for Apps)<\/strong><\/h2>\n\n\n\n<p>If your app doesn\u2019t match a predefined service, define a clean, reusable service instead of opening raw ports each time.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo tee \/etc\/firewalld\/services\/myapp.xml &gt;\/dev\/null &lt;&lt;'EOF'\n&lt;service&gt;\n  &lt;short&gt;myapp&lt;\/short&gt;\n  &lt;description&gt;Custom app listening on TCP 9000&lt;\/description&gt;\n  &lt;port protocol=\"tcp\" port=\"9000\"\/&gt;\n&lt;\/service&gt;\nEOF\n\nsudo firewall-cmd --reload\nsudo firewall-cmd --add-service=myapp --permanent\nsudo firewall-cmd --reload\nsudo firewall-cmd --list-services\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"verification-and-troubleshooting\"><strong>Verification and Troubleshooting<\/strong><\/h2>\n\n\n\n<p>Verify open ports and active zones, and test connectivity from a client machine.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Inspect configuration:\nsudo firewall-cmd --check-config\nsudo firewall-cmd --get-active-zones\nsudo firewall-cmd --list-all\n\n# Confirm listeners:\nsudo ss -tulpn\n\n# Scan from another host (replace IP):\nnmap -Pn -p 22,80,443,9000 SERVER_IP\n<\/code><\/pre>\n\n\n\n<p>SELinux tip (RHEL-family): if your service uses a nonstandard port, allow it in SELinux too:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Example: allow HTTP on TCP\/8080:\nsudo semanage port -a -t http_port_t -p tcp 8080\n# If semanage is missing:\nsudo dnf install -y policycoreutils-python-utils\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"backup-and-restore-your-firewalld-configuration\"><strong>Backup and Restore Your FirewallD Configuration<\/strong><\/h2>\n\n\n\n<p>Configuration lives under \/etc\/firewalld. Always commit runtime changes to permanent before backup.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Persist runtime to permanent:\nsudo firewall-cmd --runtime-to-permanent\n\n# Backup:\nsudo tar czf firewalld-backup-$(date +%F).tar.gz \/etc\/firewalld\n\n# Restore:\nsudo tar xzf firewalld-backup-YYYY-MM-DD.tar.gz -C \/\nsudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"firewalld-vs-ufw-vs-raw-iptables-nft\"><strong>FirewallD vs UFW vs Raw iptables\/nft<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>FirewallD:<\/strong> Dynamic, zone-based, enterprise-friendly; great on RHEL\/Fedora-family and cross-distro.<\/li>\n\n\n\n<li><strong>UFW:<\/strong> Simplified firewall for Ubuntu; excellent for quick server setups.<\/li>\n\n\n\n<li><strong>Raw iptables\/nft:<\/strong> Ultimate control but steeper learning curve; best for specialized cases or custom scripts.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"best-practices-for-production-servers\"><strong>Best Practices for Production Servers<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deny by default; allow only what you need (principle of least privilege).<\/li>\n\n\n\n<li>Lock SSH to trusted IPs\/subnets; consider nonstandard ports and key-based auth.<\/li>\n\n\n\n<li>Separate interfaces into appropriate zones (public vs internal).<\/li>\n\n\n\n<li>Use services over raw ports for readability and maintenance.<\/li>\n\n\n\n<li>Document changes, back up \/etc\/firewalld, and version-control custom service files.<\/li>\n\n\n\n<li>Enable logging of denied packets for auditing; regularly review logs.<\/li>\n\n\n\n<li>Test with a secondary session to avoid locking yourself out.<\/li>\n\n\n\n<li>Combine with SELinux\/AppArmor and <a href=\"https:\/\/www.youstable.com\/blog\/how-to-monitor-secure-fail2ban-on-linux-server\/\">fail2ban for layered security<\/a>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"automation-tip-ansible\"><strong>Automation Tip (Ansible)<\/strong><\/h2>\n\n\n\n<p>Codify your firewall with Ansible to keep environments consistent:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>- name: Harden firewall\n  hosts: web\n  become: true\n  tasks:\n    - ansible.builtin.package:\n        name: firewalld\n        state: present\n    - ansible.builtin.service:\n        name: firewalld\n        state: started\n        enabled: true\n    - ansible.posix.firewalld:\n        service: ssh\n        state: enabled\n        permanent: true\n        immediate: true\n        zone: public\n    - ansible.posix.firewalld:\n        service: http\n        state: enabled\n        permanent: true\n        immediate: true\n        zone: public\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"when-managed-security-makes-sense\"><strong>When Managed Security Makes Sense<\/strong><\/h2>\n\n\n\n<p>If you\u2019d rather not worry about firewall architecture, hardening, and audits, a <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-fully-managed-dedicated-server\/\">managed VPS or dedicated server from YouStable<\/a> can help. Our team provisions FirewallD with best-practice zones, monitors exposed surfaces, and assists with complex NAT or multi-network setups\u2014all while keeping your stack performant and compliant.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-firewalld-on-linux-server\"><strong>FAQ&#8217;s &#8211; FirewallD on Linux Server<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765960063115\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-install-and-start-firewalld-on-linux\"><strong>How do I install and start FirewallD on Linux?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>On RHEL-family systems, run: dnf install -y firewalld; systemctl enable &#8211;now firewalld. On Ubuntu\/Debian: apt install -y firewalld; systemctl enable &#8211;now firewalld. Verify with firewall-cmd &#8211;state. Disable UFW on Ubuntu to avoid conflicts if you use FirewallD.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765960070321\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"what-is-the-difference-between-runtime-and-permanent-in-firewalld\"><strong>What is the difference between runtime and permanent in FirewallD?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Runtime changes apply immediately and disappear after reboot or service restart. Permanent changes are saved to disk and activated after a reload. Safest workflow: test at runtime, then apply permanent and reload once confirmed.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765960077340\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-open-a-port-in-firewalld\"><strong>How do I open a port in FirewallD?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use firewall-cmd &#8211;zone=public &#8211;add-port=PORT\/proto &#8211;permanent; firewall-cmd &#8211;reload. Example: firewall-cmd &#8211;zone=public &#8211;add-port=8080\/tcp &#8211;permanent. Prefer services when available: firewall-cmd &#8211;add-service=http &#8211;permanent.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765960088847\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-can-i-restrict-ssh-to-a-specific-ip-range\"><strong>How can I restrict SSH to a specific IP range?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Use a rich rule: firewall-cmd &#8211;add-rich-rule=&#8217;rule family=&#8221;ipv4&#8243; source address=&#8221;192.0.2.0\/24&#8243; service name=&#8221;ssh&#8221; accept&#8217; &#8211;permanent; firewall-cmd &#8211;reload. Remove the generic ssh service if it\u2019s globally enabled to avoid wider access.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765960095397\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"does-firewalld-support-port-forwarding-and-nat\"><strong>Does FirewallD support port forwarding and NAT?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Enable masquerade on the internet-facing zone and add forward-port rules. Example: firewall-cmd &#8211;zone=public &#8211;add-masquerade &#8211;permanent; firewall-cmd &#8211;zone=public &#8211;add-forward-port=port=80:proto=tcp:toport=8080 &#8211;permanent; firewall-cmd &#8211;reload.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"conclusion\"><strong>Conclusion<\/strong><\/h2>\n\n\n\n<p>Creating FirewallD on a Linux server is straightforward: install, enable, set zones, allow necessary services, and verify. With zones, services, and rich rules, you can implement a strong, flexible perimeter quickly. Follow the best practices above\u2014and if you need a hand hardening at scale, YouStable\u2019s <a href=\"https:\/\/www.youstable.com\/blog\/benefits-of-web-hosting-control-panel-for-managed-hosting\/\">managed hosting<\/a> team is ready to help.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To create FirewallD on a Linux server, install the firewalld package, enable and start the service, choose an appropriate default [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":16347,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-14196","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Create-FirewallD-on-Linux-Server.jpg","author_info":{"display_name":"Sanjeet Chauhan","author_link":"https:\/\/www.youstable.com\/blog\/author\/sanjeet"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=14196"}],"version-history":[{"count":4,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14196\/revisions"}],"predecessor-version":[{"id":14551,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/14196\/revisions\/14551"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/16347"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=14196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=14196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=14196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}