If you are using the connection tracking, you should use:
iptables -A RH-Firewall-1 -p tcp --dport 21 -m state --state NEW,RELATED -j DROP
iptables -A RH-Firewall-1 -p udp --dport 20 -m state --state NEW,RELATED -j DROP
[]'s
Rafa
Linux, Linux and Linux!
Suporte Linux