I'm running vmware-server under Linux, and the authentication works on port 902. What I want to do is stop a particular user from being able to connect to this port from external machines.

For example, if someone is using the vmware-server-console, I don't want them to use the root account to connect, and therefore deny access to this port from external IP addresses.

Anyone know how I could do this, or if it's possible or not?

I think I might be able to do this with iptables. Here is the rule I've written, although yet to test it because people are connected with the account I want to block, and want them to finish before I deny access, and then tell them to use another account instead.

Any iptables experts out there that see a problem with my rule?