Since it’s very well hidden, and I found some odd things along the road, looking on how to do it. See if you can find it with these docs:
https://wiki.freepbx.org/display/FPG/Firewall+Custom+Rules
Or this tip:
OK, the trick is: Go to connectivity → firewall and then on the right side of the window there the a special button: 
Click it and select services. Now I assumed that since CHAN_SIP is there port 2000 would be open, so I ran /sbin/iptables-save|grep 2000 and noticed it wasn’t there.
So I went to custom services, and added SCCP, port 2000, tcp and udp, on the local interface, and pressed save and then pressed save:
And after that checking the firewall rules resulted in:
root@asterix ~ # iptables-save | grep '2000 '
-A fpbxsvc-d7956cbbf9874dc7 -p tcp -m tcp --dport 2000 -j ACCEPT
-A fpbxsvc-d7956cbbf9874dc7 -p udp -m udp --dport 2000 -j ACCEPT
And now sccp works on the local interface.