Hi Chris, versa
There isn't anything much on ACL, but it's just like hosts or a simple firewall rule; i.e. it's an IP address and a mask. By default, on the later releases, for internal phones, SAIL will set the rule as
deny=0.0.0.0/0.0.0.0
permit=your.local.subnet.0/255.255.255.0
This will allow phones from inside your subnet to register and make calls but should stop anyone from outside your subnet from registering an extension which exists on the local subnet.
For a remote phone at IP address 1.2.3.4, you might do something like
deny=0.0.0.0/0.0.0.0
permit=1.2.3.4/255.255.255.255
For trunks you'll need to apply your rules at the firewall and only allow traffic from known IP addresses on port 5060. Asterisk can't really enforce ACL on DIDs, or if it can, then I'm not sure how to do it - comments and ideas welcome if anyone does know how to do it.
Best
jeff
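
A way to check deny/permit pairs like the ones above before they go into an extension, as an added example that is not part of the original post and not SAIL or Asterisk code. It assumes the rules are applied in the order written, the last matching rule decides, and an address that matches no rule is allowed; the 192.168.1.0 subnet and the function names are constructed for illustration.

```python
import ipaddress

def parse_rules(text):
    """Parse deny=/permit= lines into (sense, network) tuples, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("deny", "permit") and value.strip():
            # Accepts address/netmask form, e.g. 1.2.3.4/255.255.255.255
            rules.append((key, ipaddress.ip_network(value.strip(), strict=False)))
    return rules

def allowed(rules, source):
    """Return True if the source address may register under these rules."""
    addr = ipaddress.ip_address(source)
    verdict = "permit"  # assumption: no matching rule means allowed
    for sense, net in rules:
        if addr in net:
            verdict = sense  # a later match overrides an earlier one
    return verdict == "permit"

# Constructed sample rules mirroring the two cases in the post.
INTERNAL = parse_rules("""
deny=0.0.0.0/0.0.0.0
permit=192.168.1.0/255.255.255.0   ; constructed local subnet
""")
REMOTE = parse_rules("""
deny=0.0.0.0/0.0.0.0
permit=1.2.3.4/255.255.255.255
""")
# Same lines in the wrong order: the trailing deny overrides the permit.
REVERSED = parse_rules("""
permit=1.2.3.4/255.255.255.255
deny=0.0.0.0/0.0.0.0
""")

if __name__ == "__main__":
    for name, rules, src in [
        ("internal", INTERNAL, "192.168.1.50"),
        ("internal", INTERNAL, "203.0.113.9"),
        ("remote", REMOTE, "1.2.3.4"),
        ("remote", REMOTE, "1.2.3.5"),
        ("reversed", REVERSED, "1.2.3.4"),
    ]:
        print(f"{name:9} {src:15} {'allow' if allowed(rules, src) else 'deny'}")
```

The reversed case shows why the deny line has to come first: with the order swapped, the single remote phone is locked out along with everyone else.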