Before I go on, I've already found and read this post: http://social.msdn.microsoft.com/Forums/windowsazure/en-US/30fed06a-502b-45e0-9b75-bf2d26ccd272/acls-on-endpoints-not-applying?forum=WAVirtualMachinesforWindows but as I'm not using PS to configure this and don't seem to be able to tweak the order when creating ACL entries (i.e. setting the first one not to be the default "0" value, mentioned in the post), I still need some help.
So...
I'm trying to restrict access to a VM's endpoints for RDP and SQL ports. The endpoints are configured and work by default, and of course, by default, they allow ANY IP into them. I've created ACL entries to restrict this to a select few public IPs but I have two seemingly conflicting issues when I do this:
1. Anyone can still access my server from ANY IP, even though it's not on the list
2. The internal SQL communication between Azure servers (on the 10.10.10.0 subnet) suddenly stops
I was under the impression that as soon as you create an entry in the ACL, anything not covered by it would by default be denied? http://msdn.microsoft.com/en-us/library/windowsazure/dn376541.aspx
I have also tried to put a DENY 0.0.0.0/0 at the bottom of the ACL but there's still access from the www to these ports.
When I put in an entry to allow 10.10.10.0, then the SQL traffic internally on Azure starts working again.
And now I've just gone back in to check... and all my ACLs on every VM seem to have disappeared!
Confused...? Any help much appreciated.
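The post says the rule order can't be set from the portal, and the linked dn376541 page describes endpoint ACLs as an ordered list (evaluated from the lowest Order upwards, first match wins, and once the ACL holds at least one Permit rule everything that matches no rule is denied). The following is an added example, not code from the original post, showing how to build such an ACL with explicit Order values using the classic Azure Service Management PowerShell cmdlets (New-AzureAclConfig, Set-AzureAclConfig, Set-AzureEndpoint, Update-AzureVM) and then read back what was actually stored. The cloud service name, VM name, endpoint names and the two public IPs are hypothetical placeholders; the 10.10.10.0/24 subnet is the internal range mentioned in the question. It does not address the separate symptom of ACLs disappearing, only how to create them with a known order and verify them.

```powershell
# Added example (not from the original post). Requires the classic "Azure" (Service
# Management) PowerShell module and an authenticated subscription (Add-AzureAccount).
# Assumed/hypothetical values: service name, VM name, endpoint names and public IPs.
$serviceName = "myCloudService"     # assumption: classic cloud service hosting the VM
$vmName      = "myVm"               # assumption: VM whose endpoints are being locked down
$endpoints   = @("Remote Desktop", "SQL")   # assumption: names of the RDP and SQL endpoints

# Sources that should be allowed. Anything not matched by a Permit rule is denied
# once at least one Permit rule exists, so an explicit Deny 0.0.0.0/0 is not needed.
$allowedSources = @(
    @{ Subnet = "203.0.113.10/32"; Description = "Office public IP (placeholder)" },
    @{ Subnet = "198.51.100.7/32"; Description = "Admin public IP (placeholder)" },
    @{ Subnet = "10.10.10.0/24";   Description = "Internal subnet used for SQL traffic" }
)

function New-RestrictedAcl {
    param([hashtable[]]$Sources)

    $acl   = New-AzureAclConfig
    $order = 100
    foreach ($src in $Sources) {
        # Explicit, spaced Order values: rules are evaluated lowest-first, and the gaps
        # leave room to insert a rule later without renumbering the rest.
        Set-AzureAclConfig -AddRule -Action Permit `
            -RemoteSubnet $src.Subnet -Order $order `
            -Description $src.Description -ACL $acl
        $order += 100
    }
    return $acl
}

$acl = New-RestrictedAcl -Sources $allowedSources

# Re-apply each endpoint with its existing ports so only the ACL changes, then push
# all endpoint updates to the VM in a single Update-AzureVM call.
$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
foreach ($epName in $endpoints) {
    $ep = Get-AzureEndpoint -Name $epName -VM $vm
    if (-not $ep) { throw "Endpoint '$epName' not found on $vmName" }
    $vm = $vm | Set-AzureEndpoint -Name $ep.Name -Protocol $ep.Protocol `
                    -LocalPort $ep.LocalPort -PublicPort $ep.Port -ACL $acl
}
$vm | Update-AzureVM

# Read the ACLs back from the service to confirm what was actually stored
# (order, action and subnet per rule), rather than trusting the portal view.
$vm = Get-AzureVM -ServiceName $serviceName -Name $vmName
foreach ($epName in $endpoints) {
    Write-Output "ACL for endpoint '$epName':"
    Get-AzureAclConfig -EndpointName $epName -VM $vm |
        Format-Table Order, Action, RemoteSubnet, Description -AutoSize
}
```

Because the public IPs and the internal subnet are all Permit rules in the same list, the internal SQL traffic on 10.10.10.0/24 is covered by the third rule, which matches what the post observed when a 10.10.10.0 entry was added. If the read-back at the end shows no rules, the ACL was not persisted by Update-AzureVM and the endpoint is effectively open to any address again.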