diff --git a/Shorewall/firewall b/Shorewall/firewall
index 88b7bcb15..681e8330c 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -658,6 +658,14 @@ validate_rule() {
 case "$logtarget" in
 REJECT)
 target=reject
+ [ -n "$servport" ] && \
+ startup_error "Error: server port may not be specified in a REJECT rule;"\
+ "rule: \"$rule\""
+ ;;
+ ACCEPT)
+ [ -n "$servport" ] && \
+ startup_error "Error: server port may not be specified in an ACCEPT rule;"\
+ "rule: \"$rule\""
 ;;
 REDIRECT)
 [ -n "$serv" ] && startup_error "Error: REDIRECT rules cannot"\
diff --git a/Shorewall/rules b/Shorewall/rules
index 274648997..514471c5f 100755
--- a/Shorewall/rules
+++ b/Shorewall/rules
@@ -71,7 +71,8 @@
 # The port that the server is listening on may be
 # included and separated from the server's IP address by
 # ":". If omitted, the firewall will not modifiy the
-# destination port.
+# destination port. A destination port may only be
+# included if the ACTION is DNAT or REDIRECT.
 #
 # Example: loc:192.168.1.3:3128 specifies a local
 # server at IP address 192.168.1.3 and listening on port
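Review bot: The new `$servport` guard is added only to the REJECT and ACCEPT branches of the `case "$logtarget"` statement, while the accompanying rules-file comment states the port is valid only for DNAT and REDIRECT; if any other action branch (DROP, LOG, or whatever else this case handles outside the hunk) lacks the same check, a stray server port there is still silently ignored and the admin gets a rule that does not match what they wrote. A single guard placed before the existing `case`, keyed on the permitted actions rather than duplicated per forbidden branch, makes the documented contract hold for every action and lets the two copied messages be dropped. Any further action that legitimately takes a server port would need to be listed alongside DNAT and REDIRECT in that pattern. validate_rule begins and ends outside this hunk.
```shell
case "$logtarget" in
DNAT|REDIRECT) ;;
*) [ -n "$servport" ] && startup_error "Error: server port may only be specified in DNAT or REDIRECT rules;" "rule: \"$rule\"" ;;
esac
# … unchanged: existing case "$logtarget" in … REJECT / REDIRECT branches …
```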