You are correct, any IP tables rules you set are overwritten by the Elastix IP Tables implementation. Elastix stores all your rules in a database, and during startup (after all the Linux startup scripts), it reads the rules from the database and sets up IP tables.
So it is an either/or situation: either the Elastix Firewall or the standard IP tables implementation.
If you want to use the Elastix Firewall, the following is needed. Note at this point I am assuming that you have changed SSHD from the default port 22 and placed it on, say, 30003, which is what this is based on.
X.X.X.X being the address you are coming from
1) Define a new Port. Call it, say, SSHAlt, Protocol TCP, and assign a port value of 30003 (no need to fill in the other side). Add a comment, as it is a new port definition.
2) Define a new rule:
   Traffic : INPUT
   Interface : ANY
   Source Address : X.X.X.X/32 (note /32 will restrict it to one address - your remote address)
   Destination Address : 0.0.0.0/24
   Protocol : TCP
   Source Port : ANY
   Destination : SSHAlt
   Target : ACCEPT
This is functionally the same as the IPTables rule:
iptables -A INPUT -p tcp -s X.X.X.X --dport 30003 -j ACCEPT
Now the main thing to remember is that this rule needs to be moved up the table. The table works on a top-down approach, and whichever rule matches first is the one that is applied.
If you notice, the last three rules on the Elastix Firewall are in and out rules matching all traffic. So naturally in processing, if it reaches these rules (as there were no previous matches), it is going to deny the traffic (firewall it), which is basically the rule with IP tables: deny all, unless explicitly set to accept.
So once you have that rule set, it automatically (and as a good security measure) places it last on the table (functionally it is disabled until you move it into place). Use the Blue Arrows to move it into an appropriate place. If your firewall is simple, you can move it anywhere above the three blanket rules.
That should be activated...
If you want to make sure you can perform an
and besides the rest of the rules, I find the following rule:
ACCEPT tcp -- 126.96.36.199 anywhere tcp dpt:30003
This is the rule I entered via the Elastix Firewall (I used 188.8.131.52 as the IP address).
Hope this helps.
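
The ordering point in the post above can be checked mechanically. The script below is an added example, not part of the original post or of Elastix: it reads `iptables -S INPUT` style output and reports whether the ACCEPT rule for a port sits above the first match-all DROP/REJECT rule. The sample rule sets are constructed, 203.0.113.10 stands in for X.X.X.X, and the form of the blanket rule is an assumption.

```shell
#!/bin/sh
# Added example: reports whether an ACCEPT rule for a port can ever be reached.
# On a live system (as root): iptables -S INPUT | first_match_check 30003
first_match_check() {
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }   # skip policy lines, other chains
        {
            n++; target = ""; dport = ""; narrowed = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                # any of these options means the rule is not a match-all rule
                if ($i == "-s" || $i == "-d" || $i == "-p" || $i == "-i" || $i == "-m") narrowed = 1
            }
            if (!accept && target == "ACCEPT" && dport == port) accept = n
            if (!blanket && !narrowed && (target == "DROP" || target == "REJECT")) blanket = n
        }
        END {
            if (!accept) print "missing"
            else if (blanket && blanket < accept) print "shadowed"
            else print "reachable"
        }'
}

# Constructed sample: new rule left at the bottom, below a blanket REJECT.
sample_appended() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 30003 -j ACCEPT
EOF
}

# Constructed sample: the same rule moved above the blanket REJECT.
sample_moved() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 30003 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

sample_appended | first_match_check 30003   # prints: shadowed
sample_moved | first_match_check 30003      # prints: reachable
```

The check only recognises a single `--dport` value and treats any rule without `-s`, `-d`, `-p`, `-i` or `-m` as match-all; port ranges and negated matches are outside what it handles.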