So, for some unknown reason, the router i've just come to manage, some lunatic has set it to have port 3889 open to the world.....
I've therefor setup a vpn, and i'm moving people over to it. However, there are 2 people currently working through rdp that I cannot get hold of, so what I want to do is just start blocking off the IP addresses of people i've already switched over so that their computer is no longer accessible via rdp.
I put in place
Chain=Input
Dst Address= (address of computer on site)
Dst Port= 3389
Action= Drop
I thought this would just block that particular computer from being accessed.
Then once i got hold of the other 2 people, i could remove the open to the world rdp rule completely, but for now this is a quick fix.
However........it doesnt block it.
Is the other rule overriding it?