Based upon your post, here is an example of what I think you are trying to achieve (based upon a policy set to accept, which is safer against self lockout):
Code:
-A INPUT --src 123.123.123.123 -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT --src 123.123.123.123 -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT --src 456.456.456.456 -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT --src 456.456.456.456 -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 2900 -j ACCEPT
-j DROP
This will allow '123' and '456' to access 3306 and 22, everyone to access 80 and 2900, everything else is denied.