Firewall: Restrict port access to only certain source IPs?

Is it possible to only allow certain IPs to reach certain services?

ie, on my external interface i’d like to allow 5060 only to SIPSTATION, everyone else should be denied? Is that possible with the FreePBX firewall? I didn’t see a way to restrict by source IP.

Turn off the responsive firewall and everything is blocked except for trunks defined on your system. That will also block any external extensions unless the IP is whitelisted in the firewall or potentially in extensions settings with deny/allow.