Block Port 3389 for all External with exemptions


I am trying to set up something for a buddy of mine where the scenario is below.

  1. Block all incoming 3389 port traffic
  2. Exempt that by letting two IP addresses from external be allowed

I am just wanting to put a tight squeeze on the remote desktop to make it more secure, so that only the people that want to remote to this computer can. The people remoting, I believe, should have static IP addresses.

You can create a new network zone containing the IP addresses that you want to allow access, then create a global firewall rule that allows incoming based on source address using a network zone and destination port 3389.
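
The zone-plus-rule setup described in this thread can be checked offline before it is applied. The following is an added example, not part of the original posts and not any firewall product's own code: it models the allowed zone and the port 3389 rules and shows that the exemption only works when it is evaluated before the catch-all block. It assumes top-down, first-match rule evaluation; the addresses (documentation ranges) and all names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed "network zone": the two external static addresses (documentation ranges).
RDP_ZONE = [ipaddress.ip_network("203.0.113.10/32"),
            ipaddress.ip_network("198.51.100.25/32")]

@dataclass
class Rule:
    action: str                 # "allow" or "block"
    dst_port: Optional[int]     # None matches any destination port
    zone: Optional[list]        # None matches any source address

    def matches(self, src, port):
        if self.dst_port is not None and port != self.dst_port:
            return False
        if self.zone is None:
            return True
        return any(src.version == net.version and src in net for net in self.zone)

def decide(rules, src_ip, port, default="allow"):
    """Return the action of the first matching rule (assumed top-down, first match)."""
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return "block"          # unparseable source address: fail closed
    for rule in rules:
        if rule.matches(src, port):
            return rule.action
    return default              # assumption: traffic to other ports is handled elsewhere

ALLOW_ZONE = Rule("allow", 3389, RDP_ZONE)
BLOCK_RDP = Rule("block", 3389, None)

GOOD_ORDER = [ALLOW_ZONE, BLOCK_RDP]   # exemption first, then the catch-all block
BAD_ORDER = [BLOCK_RDP, ALLOW_ZONE]    # the block shadows the exemption

def audit(rules, samples):
    """Map each (source, port) sample to the decision the rule list produces."""
    return {s: decide(rules, *s) for s in samples}

if __name__ == "__main__":
    samples = [("203.0.113.10", 3389), ("198.51.100.25", 3389),
               ("192.0.2.77", 3389), ("192.0.2.77", 443)]
    for name, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, audit(rules, samples))
```

An IPv6 source is not in the IPv4-only zone and is therefore blocked on 3389; if the remote users can also arrive over IPv6, those addresses need to be in the zone as well.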