That wasn’t the rule I was referring to.
That may be so, but you appear to lack a fundamental understanding of how a firewall functions, or how packets are likely sourced from the external devices towards you in terms of source ports.
Three key points to consider -
- Rules are processed top down, in order.
- First rule to match traffic applies.
- Consider SOURCE as well as DESTINATION in your rules for not just IP but also PORT.
If you have a packet that you expect to be processed by your “IP Phone” rule where you stipulate a source port of tcp:80, and because of randomisation on the client side making that connection (either because in reality that is how lots of things work, or in reality how devices are behind NAT before they cross the internet to you) it actually arrives with a randomised SOURCE of tcp:32193, it will be ignored by that rule and carry on down until it hits the “default”, which you have set to accept anything. The DESTINATION is still tcp:80, but as the rule does not match on the source correctly it will be bypassed.
The firewall, as it stands with that default rule set to “permit anything from anywhere”, is basically wide open; you are not actually blocking anything connecting inwards.
This explains why your RDP rule is not working how you expect, and it is highly likely the same is actually true of your other rules.
Because as I and others have stated, those rules you have are probably doing nothing.
You have the “default” rule at the bottom of the list set to “accept anything from anywhere”. Click it, change the default action to “deny”.
You will probably find your other rules are now not working as you think. That is good, as it means the firewall is actually doing something now. Your existing rules that you think are working at the moment were more than likely a case of traffic hitting that default rule at the bottom in its state of “permit anything from anywhere”, because I would bet pennies to pounds traffic is just falling through the list until it gets to that default rule at the moment.
Now on your existing rule list, change the SOURCE port for them to ANY, because as I explained earlier remote devices connecting in almost certainly are either randomising their source port on connection, or are possibly also behind NAT which may also (further) randomise their source ports towards you.
If you enable logging on the rules as you go you can also see traffic matching them in the event logs. You can turn logging off once you are satisfied things are working, or leave it on if you want; I don’t know what Peplink appliance you are using or how high the volume of traffic is, so you may not want the overhead of the logging.
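As an added illustration (not code from the original post or from Peplink), here is a small top-down, first-match rule evaluator that reproduces the situation described above: a rule pinned to source port tcp:80 misses a packet whose source port was randomised, which then falls through to the default rule. Rule names, addresses and port numbers are constructed for the example.

```python
from dataclasses import dataclass, fields
from typing import Optional

ANY = None  # wildcard for any field of a rule

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "accept" or "deny"
    proto: Optional[str] = ANY
    src_ip: Optional[str] = ANY
    src_port: Optional[int] = ANY
    dst_ip: Optional[str] = ANY
    dst_port: Optional[int] = ANY

def matches(rule: Rule, pkt: Packet) -> bool:
    # Every non-wildcard rule field must equal the packet field of the same name
    return all(getattr(rule, f.name) is ANY or getattr(rule, f.name) == getattr(pkt, f.name)
               for f in fields(Packet))

def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, str]:
    # Top down, first match wins; the last rule plays the appliance's catch-all "default"
    for rule in rules:
        if matches(rule, pkt):
            return rule.name, rule.action
    raise ValueError("ruleset has no catch-all default rule")

# Constructed inbound packet: destination tcp/80, but the client (or its NAT)
# has randomised the source port, so it is NOT tcp/80 on the source side
WEB = Packet("tcp", "203.0.113.7", 32193, "192.0.2.10", 80)

# Ruleset as described in the thread: source port pinned to 80, default = accept
AS_POSTED = [
    Rule("IP Phone", "accept", proto="tcp", src_port=80, dst_port=80),
    Rule("default", "accept"),
]
# After the suggested fix: source port ANY, default = deny
FIXED = [
    Rule("IP Phone", "accept", proto="tcp", src_port=ANY, dst_port=80),
    Rule("default", "deny"),
]
```

With the posted ruleset the web packet is accepted only because it reaches the default rule; with the fixed ruleset it is accepted by the “IP Phone” rule itself, and anything else inbound (for example an unsolicited connection to tcp/3389) now hits the default deny.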