iptables is the program that determines what kinds of network packets are allowed/denied. A typical firewall will deny all incoming traffic except for specific ports you want to open.

The way Tails does it (and I assume Start9 is the same) is to deny all incoming and outgoing traffic except on the ToR ports. You can relax this requirement by deleting rules, or adding new rules at higher priority that, say, open specific ports.

The iptables command is somewhat esoteric, but once you figure it out, you can get it to list the current rules so you can then make changes.