well guys i wana block remote desktop access on my intranet....
m running RHEL4 as my distro n iptables for firewall.......


########################## my iptable file ###############################

*filter
:INPUT ACCEPT [65:6072]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A INPUT -s 172.16.1.0/255.255.0.0 -i eth0 -d 192.168.0.0/24 -p tcp -j ACCEPT
-A FORWARD -s 172.16.1.0/255.255.0.0 -i eth0 -d 192.168.0.0/24 -o eth1 -p tcp -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -d 172.16.1.0/255.255.0.0 -o eth0 -s 192.168.0.0/24 -i eth1 -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j ACCEPT -p all -s 172.16.1.0/255.255.0.0 -i eth0
-A OUTPUT -j ACCEPT -p all -d 172.16.1.0/255.255.0.0 -o eth0

COMMIT

*nat
:PREROUTING ACCEPT [14:2040]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 172.16.1.0/16 -o eth1 -j MASQUERADE

COMMIT

################################ end #################################

eth0 - i use it as a proxy address for surfing on the lan
eth1 - use it as gateway for lan
my modem connection is on eth0

i used this line in my iptables later but it didnt work---
iptables -A INPUT -p tcp -s 172.16.1.0/16 --dport 3389 -j DROP

neone plz help me.............is there smthing wrong with my iptables file or the command , hw should i do it.

thanks in advance.

The INPUT chain only matches packets that are destined for the firewall machine itself, to block packets to your intranet you need the rule in the FORWARD chain.