How it works...

Each of these examples are used to manipulate the running firewall configuration on your box. When you use the userland tools, as with the querying examples in the last section, you're actually modifying the Netfilter framework of the kernel.

Personally, I find it easiest to understand what's going on by using the iptables command, though you may find yourself more comfortable with an alternative.

As we saw in the last section, if you enable firewalld or ufw, you will also find that your default iptables rules change. Without firewalld or ufw enabled, the out-of-the-box iptables configuration will be much simpler, as we can see in the following lines:

$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT

Whenever we modified our firewall, our changes were instantly applied.

Breaking this down, if we go back to our iptables example, we can step through what we did:

$ sudo iptables -A INPUT -s 10.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT

Here, we modify iptables using the iptables userland tool:

$ sudo iptables

We then append a rule to our INPUT chain (a chain resides within a table):

-A INPUT

We set the source of traffic as our VirtualBox subnet:

-s 10.0.2.0/24

We specify the protocol and use the extended match feature:

-p tcp -m tcp

We say that the destination port should be 22 (the SSH port):

--dport 22

Finally, we say that we should ACCEPT this traffic:

-j ACCEPT