IPTables rules for Asterisk AMI

Assume the default INPUT policy is ACCEPT (“iptables -P INPUT ACCEPT”). If the policy is DROP, which is very desirable, skip all the DROP rules below and add only the ACCEPT rules.

Asterisk AMI usually listens on TCP port 5038. To open it, run:

iptables -A INPUT -p tcp --dport 5038 -j ACCEPT

To open a port only for a specific network or IP address:

iptables -A INPUT -s 192.168.2.2/32 -p tcp --dport 5038 -j ACCEPT
iptables -A INPUT -p tcp --dport 5038 -j DROP

If the DROP rule is used, it must be the last one. So to add another IP address, delete the DROP rule, append the new ACCEPT rule, and then append the DROP rule again:

iptables -D INPUT -p tcp --dport 5038 -j DROP
iptables -A INPUT -s 192.168.5.5/32 -p tcp --dport 5038 -j ACCEPT
iptables -A INPUT -p tcp --dport 5038 -j DROP

To remove a rule, specify the same command, replacing -A with -D, for example:

iptables -D INPUT -p tcp --dport 5038 -j ACCEPT
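
The add and remove steps above can be wrapped in a small helper. This is an added example, not part of the original article; the names IPT, AMI_PORT, ami_valid_src, ami_ensure_drop, ami_allow and ami_revoke are assumptions. It goes one step beyond the text: instead of deleting and re-appending DROP (which, with an ACCEPT policy, leaves port 5038 open to everyone in between), it inserts each ACCEPT at the top of the chain with -I and uses -C to avoid duplicate rules.

```shell
#!/bin/sh
# Added example (not from the original article): maintain the AMI allowlist.
# Assumed names: IPT, AMI_PORT, ami_valid_src, ami_ensure_drop, ami_allow, ami_revoke.
IPT="${IPT:-iptables}"   # iptables command; can be overridden from the environment
AMI_PORT=5038

# Accept only IPv4 addresses/CIDRs made of digits, dots and one optional slash;
# this also rejects anything that could be parsed as an iptables option.
ami_valid_src() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Append the catch-all DROP for the AMI port unless it is already present.
ami_ensure_drop() {
    "$IPT" -C INPUT -p tcp --dport "$AMI_PORT" -j DROP 2>/dev/null ||
        "$IPT" -A INPUT -p tcp --dport "$AMI_PORT" -j DROP
}

# Allow one source. -I inserts at the top of INPUT, so the ACCEPT always sits
# above the DROP and the DROP rule never has to be deleted and re-added.
ami_allow() {
    ami_valid_src "$1" || { echo "invalid source: $1" >&2; return 2; }
    "$IPT" -C INPUT -s "$1" -p tcp --dport "$AMI_PORT" -j ACCEPT 2>/dev/null ||
        "$IPT" -I INPUT -s "$1" -p tcp --dport "$AMI_PORT" -j ACCEPT || return 1
    ami_ensure_drop
}

# Remove a previously allowed source; the DROP rule stays in place.
ami_revoke() {
    ami_valid_src "$1" || { echo "invalid source: $1" >&2; return 2; }
    "$IPT" -D INPUT -s "$1" -p tcp --dport "$AMI_PORT" -j ACCEPT
}

# Usage (as root, after sourcing this file):
#   ami_allow 192.168.5.5/32
#   ami_revoke 192.168.5.5/32
```

Check the resulting order with iptables -L INPUT -n --line-numbers: every ACCEPT for port 5038 should appear above the single DROP.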

See also my articles:
IPTables rules for Asterisk
IPTables setup
