In an earlier question I asked why rsh was no longer possible out from
a RedHat 7.1 box, configured in a stock way.

I thought that there was some protocol problem, but in fact the
problem seems to be the firewall.  The stock RedHat install 
comes with the following set of rules:

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 6000 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 6010 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT

Now this seems to do the right thing and keep people out of your box,
but it also keeps me from rsh-ing TO another host.  [And before you
suggest it, I don't control that other host and can't persuade them to
offer ssh instead of rsh.]

So, is there some way I can tweak this so that I'm able to make rsh
connections out, but not in?  I have only the haziest understanding of
rsh, but as far as I can tell from a tcpdump, it involves packets
going in and out on the low number (blocked) ports.

Per the instructions, I tried running lokkit, but it provides only the
most gross control over the configuration.  

Thanks!
Robert