Looking at my Event Log I see that right now an attempt is being made at brute forcing my 'sa' user for Sql Server on my Windows Server web edition box. I know that firewall rules are not the only solution, but I thought this could be a learning experience. I created a rule to block the offending IP address from inbound traffic for all applications.
The problem is, as I watch, the same IP address continues to log unsuccessful log in attempts. Does anything else have to happen before a rule goes live? Do I need to restart something? Could another setting be over-ruling the new rule? Thanks
Solved my own question. It seems when I created the rule I added the IP address I wanted to block to the "Local IP address" group and not the "Remote IP address" group. When I later added the IP to the remote group, after the rule had been created, it still didn't go into effect. When I created a new rule though, and added the IP address I wanted to stop to the Remote section correctly, everything worked as it should.
Of course, a few hours later I was just getting hit by another IP address.