I want to set up the firewall rules to allow RDP to an internal Terminal Server. I set up Single Port Forwarding for RDP/3389 to the destination address with no problem. I could get to the TS externally with no issues. I also wanted to enable more security so that it is not open to the world. I went into IP ACL and created a rule for RDP (WAN, Source, Destination). I utilized my home IP address as the source to test it out. I was still able to connect to the TS.

To confirm that it was limiting the connection, I changed the Source IP in the IP ACL rule to another IP (not my home address) and I was still able to connect to the TS, but I should not have been able to, given the IP ACL was set to a different Source IP. I then changed the Source IP back to my home external IP and tried to connect to the TS from a different remote PC (different location and external IP). I was still able to connect to the TS even though the IP ACL was set up to only allow my home computer to connect. I did disable Port Forwarding to see if that made a difference, but it killed all the external RDP connections.

My understanding is that you enable Port Forwarding (in this case for RDP) and then limit that access via the IP ACL. Am I incorrect in my thinking? Any ideas why the IP ACL is not limiting the access to the Source IP?
Thanks