While I’m not sure what parts you don’t understand, let me try to help you with a framework that might get you closer.
Step 1 is to understand how contexts work. A context is a bit of (broad sense) code that gives your call ways to do things. It isn’t just a program: its more, but it doesn’t hurt to think of it as a program. Like most programs, it’s set up to do things based on input from your phone and other sources of data. Different contexts to different things and affect the security of your system, so (like with most programs) it’s important to understand what they do and why they do it.
For this “dialing in to set a feature code” thing to happen, you have to be on a call that can access your internal feature codes. The “normal” way that happens is through a context called “from-internal”. This is the context in which stuff that you need to be on the local network to do is processed. For example, “from-pstn” (a different context) is a common context for incoming calls. These calls can basically only do a few specific things (like call a local extension). The “from-internal” context allows you to toggle feature codes and call out.
The “normal” (being a relative term) way to do this is through an interface like “DISA” or through external extensions. In DISA, you call a special number, put in an access code, and get a dial-tone on the PBX. From there, you can do anything you would do from a local phone. In an external extension, your phone is already in the local network (logically) because it’s an extension.
So, once you’re in the right context (through DISA or through setting up local extensions) you can toggle the feature code on and off at will.
The next bit of business you need to figure out is which solution is best for your situation. I’ve done this for a couple of places that want their technicians to call out with the company’s Caller ID. For them, the easiest solution was to have them dial in to a special number that asked for their n-digit PIN to proceed. Combined with white-listing the Caller ID from their cell phones, this provides a very secure way to give them a line in the local network without having to mess around with the firewall.
Now, having said that, I’ve set up my own system so that my cell phone is a local extension on my main system. When I call with Zoiper, the outbound caller ID is my main PBX number. Same result, just another way to make it happen.
Now, there are probably another three or four ways to make this happen, including setting up special custom contexts associated with inbound Caller ID from cell phones or connections through an IVR, but the result is always the same. At some point, in order to make this work, you have to be in a context that allows you to override the CFW settings.