To allow SIP connection in IPTables, add rules (the first for connections, the second for voice traffic):
sudo iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
To allow connections from a specific address only, instead of the rules above, we indicate (where 192.168.1.50 is a trusted IP address):
sudo iptables -A INPUT -p udp -m udp -s 192.168.1.50 --dport 5060 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp -s 192.168.1.50 --dport 10000:20000 -j ACCEPT
Similarly, for each IP, either directly for the subnet, for example:
sudo iptables -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 5060 -j ACCEPT
sudo iptables -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 10000:20000 -j ACCEPT
To remove a rule, we’ll specify the same command, replacing -A with -D, for example:
sudo iptables -D INPUT -p udp -m udp -s 192.168.1.0/24 --dport 5060 -j ACCEPT
sudo iptables -D INPUT -p udp -m udp -s 192.168.1.0/24 --dport 10000:20000 -j ACCEPT
To view the list of rules, use the command:
sudo iptables -nvL
See also my article:
IPTables rules for Asterisk AMI
How to configure IPTables
A good primer on the topic