How it works...

All of the preceding examples interact with the kernel's Netfilter framework—they just do the same thing using different tools.

When you list rules on the command line, you're querying what the kernel knows to be the security rules for a box.

The reason you can list rules with both the iptables and firewall-cmd commands (in the case of CentOS) is because they're only acting as userland frontends.

UFW is the same, just in the Ubuntu world.

This is the reason you find a lot of setup scripts in the wild that will remove extra firewall tools, such as firewalld, and that simply use the iptables suite to manage the firewall.