Question : Asterisk (using FreePbX) - can I limit the incoming SIP traffic to my provider's IPs?

Turns out that when my firewall is set to perform SIP transformations, I cannot setup a rule that only permits SIP 5060-1 from my provider addresses.  The firewall accepts everything and forwards it via NAT to my internal Asterisk PBX.  I am concerned about hackers trying to guess registration information so I'd like to only permit the valid external IP address range in Asterisk.  I see the permit/deny options, but they seem like they are for each extension, and I want to block all of asterisk from responding to invalid addresses.  Is there a global way to permit/deny?  Yes, I could consider iptables, etc, but looking for a way to do this in asterisk.  Thanks

Answer : Asterisk (using FreePbX) - can I limit the incoming SIP traffic to my provider's IPs?

I'm not aware of any way to do this other than using a firewall such as iptables.  It has been discussed on the asterisk mailing lists in the past but the only working suggestion I'm aware of is using a firewall.