Checking host related iptables settings and preparing DOCKER-USER chain

for source port check.

firewall/firewall-add

@@ -111,8 +111,13 @@ for source_ip_index in $(seq 1 $COUNT_SOURCE_IP) ; do
 #############################
 # NSENTER Specific settings #
 
-if [[ "$PREROUTING" == "true" ]] || [[ "$POSTROUTING" == "true" ]] ; then
-	NS_IPTABLES="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- $IPTABLES -t nat";
+if [[ "$PREROUTING" == "true" ]] || [[ "$POSTROUTING" == "true" ]] || [[ "$HOST" == "true" ]] ; then
+	
+	if [ "$HOST" == "true" ] ; then
+		NS_IPTABLES="/sbin/iptables -t nat";
+	else
+		NS_IPTABLES="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- $IPTABLES -t nat";
+	fi
 	
 	debug "iptables: "$NS_IPTABLES;
 	
@@ -146,7 +151,7 @@ else
 		done
 	fi
 
-	$IPTABLES -I $CHAIN -s $SOURCE_IP -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT
+	$IPTABLES -I $CHAIN -s $SOURCE_IP --sport $SOURCE_PORT -d $TARGET_IP -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j ACCEPT
 
 	#############################
 fi