Asterisk

How to set iptables rules for asterisk in docker to allow rtp packets for webrtc client through stun?

Deployed asterisk in docker. When you call phone to phone, everything is fine, there is sound. When calling webrtc to phone, neither side is heard, I use stun, the dump shows that there are no rtp packets. There are suspicions that rules need to be added to iptables, but which ones? The current iptables in docker contains:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

rtp

rtpstart=10000
rtpend=10100
stunaddr=stun.l.google.com:19302

http

[general]
bindaddr=172.17.0.2
bindport=8088
enabled=yes

sip

[general]
udpbindaddr=172.17.0.2:5060
tcpbindaddr=172.17.0.2:5061
localnet=192.168.31.0/24
media_address=192.168.31.147
externip=192.168.31.147
transport=udp,tcp,ws
nat=force_rport,comedia
directmedia=no
icesupport=yes

rtcp_mux=yes enabled

docker run with

-p 5060:5060/udp 
-p 5061:5061/tcp 
-p 10000-10100:10000-10100/udp 
-p 8088:8088/tcp