allowing connections from a specific host on a specific port with ipchains ?

[chas <panda skinnyhippo com>]

How do you add an ipchains rule to accept connections from 
a given host (eg. www.xxx.yyy.zzz) on a specific port (eg. 3333) ? 

I tried the following (www.xxx.yyy.zzz replacing the real IP
to protect the humiliated) :

# /sbin/ipchains -I input -p tcp -s www.xxx.yyy.zzz 3333 -j ACCEPT

But still the remote host (www.xxx.yyy.zzz) could not connect
on port 3333.

Here are my rather simple ipchains : 

# /sbin/ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source               destination           ports
ACCEPT     tcp  ------  www.xxx.yyy.zzz      anywhere              3333 ->
any
ACCEPT     tcp  -y----  anywhere             anywhere              any ->
ssh
ACCEPT     tcp  -y----  anywhere             anywhere              any ->
http
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     udp  ------  ns1.secure.net       anywhere              domain
->   any
REJECT     tcp  -y----  anywhere             anywhere              any ->
any
REJECT     udp  ------  anywhere             anywhere              any ->
any
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

What am I missing here ? 

Not sure if it's necessary but I also tried restarting ipchains : 

[root womble sysconfig]# /sbin/service ipchains restart
Flushing all current rules and user defined chains: [  OK  ]
Clearing all current rules and user defined chains: [  OK  ]
Applying ipchains firewall rules: [  OK  ]

But still no luck. 

Thank you for any help.

chas

ps. how do you specify where to insert a rule ? at the moment,
    I'm just using  "/sbin/ipchains -I input" and it inserts
    the rule in the first position. Also, are ipchains zero-indexed
    or does the first one have position "1". ?