First ask yourself what you are trying to accomplish. Where is the RDP
server, and who is trying to get to it? Then remember that the OUTPUT
chain is for connections leaving the firewall. INPUT is for
connections directly to the firewall, and FORWARD is for connections
through the firewall.

With that in mind, and assuming you just want to let other boxes get
to your RDP server (which is on your firewalled host), this would

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 3389 -m state --state NEW -j ACCEPT

You can do something similar for your OUTPUT or FORWARD chains. Using
iptables state match (-m state) is always recommended, as it
simplifies rules. It also increases security by avoiding the need to
open up high ports for return traffic.
I have some commented iptables scripts you might find useful as a
starting point here:
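
An added example, separate from the poster's own scripts: the INPUT rules above carried over to the OUTPUT and FORWARD cases the reply mentions, showing which chain the return traffic crosses in each. The rdp_rules function and the address 192.0.2.10 are assumptions made for illustration; the function only prints the rules.

```shell
#!/bin/sh
# Added example: print stateful RDP (tcp/3389) rules for the chain that
# matches where the RDP server sits. Nothing is applied; review the output,
# then pipe it to `sh` as root. 192.0.2.10 is a constructed address.

rdp_rules() {
    chain=$1      # INPUT, OUTPUT or FORWARD
    server=$2     # RDP server address; only used for FORWARD
    est='-m state --state ESTABLISHED,RELATED -j ACCEPT'
    new='-p tcp --dport 3389 -m state --state NEW -j ACCEPT'
    case $chain in
    INPUT)
        # The RDP server runs on the firewalled host itself.
        echo "iptables -A INPUT $est"
        echo "iptables -A INPUT $new"
        # Replies leave through OUTPUT; needed when its policy is DROP.
        echo "iptables -A OUTPUT $est"
        ;;
    OUTPUT)
        # The firewalled host is the RDP client.
        echo "iptables -A OUTPUT $est"
        echo "iptables -A OUTPUT $new"
        # Replies arrive on INPUT; no high ports need to be opened.
        echo "iptables -A INPUT $est"
        ;;
    FORWARD)
        # The server is behind the firewall; both directions cross FORWARD.
        [ -n "$server" ] || { echo "FORWARD needs a server address" >&2; return 2; }
        echo "iptables -A FORWARD $est"
        echo "iptables -A FORWARD -d $server $new"
        ;;
    *)
        echo "usage: rdp_rules INPUT|OUTPUT|FORWARD [server]" >&2
        return 2
        ;;
    esac
}

# Sample run: RDP server behind the firewall at a constructed address.
rdp_rules FORWARD 192.0.2.10
```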