How to blow up a server in one mouse click (scripting.com)
3 points by davewiner on Oct 6, 2010 | 12 comments



The server is running on EC2. As far as I can tell, EC2 does not have a virtual console interface or any other way to rescue a server that blocks all network connections with a firewall.


Virtual machines run on physical machines. Physical machines can have stuff plugged into them and can probably run a VM app.

It's a hassle, sure, but if you're hosting this elsewhere chances are this isn't the first time this has happened, and if you're hosting it yourself then problem solved.


Why would you have to completely re-provision a machine just because you turned the firewall on?

I'm guessing maybe this is a VM?

Either way, I tend to prefer hardware firewalls over software firewalls for this reason ESPECIALLY on Windows. With a "real" firewall, you can generally maintain a connection to the firewall (if you've set it up right), and that way if you firewall off the wrong port and need to reverse something you can still do so.


Isn't that what he says?

"And this is a completely virtual machine, there's no keyboard, no big red switch, no physical reality with which to fix this."


Oops, yeah. I missed the "virtual" part. That's what I get for reading/commenting while on a conference call and working on a remote desktop session...


I think changing firewall rules remotely is one of those things where it pays to be extra-careful, and then make sure you have access to the console (or physical access) for when you inevitably mess it up and lock yourself out.


What? How does he not have access to a serial console or something?


Why couldn't he reach port 5337 if the firewall was turned off? Doesn't make sense.


Probably because he forgot to open that port in his EC2 security group.

Machines belong to security groups, and security groups define which ports have access to the outside world - which is why you don't need the Windows firewall at all when running an EC2 instance.


True. Maybe he assumed that when the firewall was off, everything was blocked (forgetting about the remote desktop).


It's a good question why 5337 wasn't accessible, but it wasn't.

That's why I was clicking around looking for reasons when the OS asked this question (which I answered too quickly without thinking).

No matter, I've already provisioned a new server to take its place, and terminated the old one.


If you can get a command prompt, you can just run:

netsh firewall set opmode disable

Tragedy averted.
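The precaution discussed in the thread (be extra careful with remote firewall changes and keep a way back in), sketched as an added example that is not part of any comment above: snapshot the working policy and arm a timed rollback before touching the firewall. It assumes Windows Server 2008 or later (where `netsh advfirewall` is available) and an elevated PowerShell session; the backup path, task name and grace period are hypothetical.

```powershell
# Added example, not from the thread. Hypothetical names and paths below.
$Backup   = 'C:\fw-rollback\known-good.wfw'   # hypothetical path, no spaces
$TaskName = 'FirewallRollback'                # hypothetical task name
$Minutes  = 10                                # grace period before auto-revert

# schtasks /st takes a time of day only; refuse to run if the rollback
# would land after midnight, where the one-shot task would not fire today.
$RunAt = (Get-Date).AddMinutes($Minutes)
if ($RunAt.Date -ne (Get-Date).Date) {
    throw 'Rollback time crosses midnight; run later or add /sd with a date.'
}

# 1. Snapshot the policy that currently lets you in (fresh file each time).
New-Item -ItemType Directory -Force -Path (Split-Path $Backup) | Out-Null
if (Test-Path $Backup) { Remove-Item $Backup }
netsh advfirewall export $Backup
if ($LASTEXITCODE -ne 0) { throw 'Export failed; not touching the firewall.' }

# 2. Arm the rollback BEFORE changing anything. It runs as SYSTEM, so it
#    fires even after the remote session has been cut off.
schtasks /create /tn $TaskName /sc once /st $RunAt.ToString('HH:mm') `
    /ru SYSTEM /f /tr "netsh advfirewall import $Backup"
if ($LASTEXITCODE -ne 0) { throw 'Could not schedule rollback; aborting.' }

# 3. Make the risky change (here: turning the firewall on for all profiles).
netsh advfirewall set allprofiles state on

# 4. Open a NEW remote desktop session to prove you can still get in.
#    Only if that works, disarm the rollback:
#      schtasks /delete /tn FirewallRollback /f
#    If you are locked out, wait: the saved policy is re-imported at $RunAt.
Write-Host "Rollback armed for $($RunAt.ToString('HH:mm')). Test access now."
```

The rollback only restores the host firewall; a port closed in the EC2 security group stays closed regardless of what this script does.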



