blocked all but 2 ips for remote desktop services in windows firewall still getting bad logins

I have the following firewall setup in my Advanced Windows Firewall screen:

If I understand it correctly, only the two ips I have listed should be able to connect to my remote desktop service.

Here is the rds setting that windows makes:

As you can see, I don't have remote desktop enabled. I can rdp in without an issue but I'm still getting alot of these in my event log:

Failure Information:
    Failure Reason:     Unknown user name or bad password.
    Status:         0xc000006d
    Sub Status:     0xc0000064

Process Information:
    Caller Process ID:  0x0
    Caller Process Name:    -

Network Information:
    Workstation Name:   WIN7PC01-PC
    Source Network Address: 114.37.11.170
    Source Port:        60648

Am I misunderstanding how this works? Shouldn't the firewall settings prevent them from even reaching my rdp services to log in if they aren't one of these two ip addresses?

Also, I don't have a hardware firewall to make any settings to. This is strictly a question about Windows Firewall. Don't have one a hardware firewall and cannot set one up in this scenario.

==== EDIT ====

The rule is enabled otherwise I wouldn't be able to log in but here is the rule and the rest of the settings. Sorry I didn't say this earlier.

You don't have the rule enabled, so it can't block appropriately as you would expect it to. Enable the rule so it's checked green as your "World Wide Web Services (HTTPS Traffic-In)" rule shows in the pic and you should be on your way.

EDIT- I see that you had a custom rule in place, sorry for the above comment. What domain is the rule attached to? Public, Private, Domain? Enable it on all for fun just to see if it works (perhaps Private can be skipped first).