Да да, конечно
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:f6:62:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.121.204/24 brd 192.168.121.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fef6:6289/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.10.0.1 peer 10.10.0.2/32 scope global tun0
valid_lft forever preferred_lft forever
# Generated by iptables-save v1.4.21 on Fri Sep 23 15:13:25 2016
*nat
:PREROUTING ACCEPT [91749:6633425]
:INPUT ACCEPT [42:2396]
:OUTPUT ACCEPT [792:47687]
:POSTROUTING ACCEPT [65:8372]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Sep 23 15:13:25 2016
# Generated by iptables-save v1.4.21 on Fri Sep 23 15:13:25 2016
*filter
:INPUT DROP [96293:6919831]
:FORWARD DROP [8635:503660]
:OUTPUT ACCEPT [10550:10790711]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5900 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --dport 5900:5910 -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --sport 5900:5910 -j ACCEPT
-A FORWARD -p udp -m conntrack --ctstate NEW -m udp --sport 10000:20000 -j ACCEPT
-A FORWARD -p udp -m conntrack --ctstate NEW -m udp --dport 10000:20000 -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --sport 443 -j ACCEPT
-A FORWARD -p udp -m conntrack --ctstate NEW -m udp --dport 5060 -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --dport 5060 -j ACCEPT
-A FORWARD -p udp -m conntrack --ctstate NEW -m udp --sport 5060 -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --sport 5060 -j ACCEPT
-A FORWARD -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEPT
-A FORWARD -p udp -m conntrack --ctstate NEW -m udp --sport 53 -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m conntrack --ctstate NEW -m tcp --sport 80 -j ACCEPT
-A FORWARD -p udp -m conntrack --ctstate NEW -m udp --dport 123 -j ACCEPT
-A FORWARD -p udp -m conntrack --ctstate NEW -m udp --sport 123 -j ACCEPT
-A FORWARD -i tun0 -j LOG --log-prefix "IPDROP: "
-A FORWARD -i eth0 -j LOG --log-prefix "IPDROP: "
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 32768:61000 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 32768:61000 -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 5900 -j ACCEPT
COMMIT
# Completed on Fri Sep 23 15:13:25 2016
# Generated by iptables-save v1.4.21 on Fri Sep 23 15:13:25 2016
*mangle
:PREROUTING ACCEPT [3397736:2360599571]
:INPUT ACCEPT [1255321:1141966069]
:FORWARD ACCEPT [2122243:1217493247]
:OUTPUT ACCEPT [661314:119740858]
:POSTROUTING ACCEPT [2771704:1335413810]
COMMIT
# Completed on Fri Sep 23 15:13:25 2016
И да, прошу прощения, tcpdump все-таки ловит попытку регистрации. Пропустил по невнимательности. Сейчас с этого ip регистрация не осуществляется. Только после сброса правил.
15:05:54.691473 IP (tos 0x68, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 634)
192.168.1.16.5060 > 192.168.121.205.5060: [udp sum ok] SIP, length: 606
REGISTER sip:192.168.121.205:5060 SIP/2.0