diff --git a/firewall/firewall-add b/firewall/firewall-add
index ed253cd..1ba9ae1 100755
--- a/firewall/firewall-add
+++ b/firewall/firewall-add
@@ -354,6 +354,10 @@ COUNT_SOURCE_PORT=$(set |grep SOURCE_PORT |wc -l)
 COUNT_TARGET_IP=$(set |grep TARGET_IP |wc -l)
 COUNT_TARGET_PORT=$(set |grep TARGET_PORT |wc -l)
+# SOURCE AND TARGET PORTS ARE IN PAIRS
+if [ "$COUNT_SOURCE_PORT" == "$COUNT_TARGET_PORT" ]; then PAIRS="1";
+else PAIRS="0";
+
 if [ "$COUNT_SOURCE_IP" == 0 ] ; then COUNT_SOURCE_IP=1 ; fi
 for source_ip_index in $(seq 1 $COUNT_SOURCE_IP) ; do
 if set |grep SOURCE_IP_ ; then
@@ -378,6 +382,11 @@ for source_ip_index in $(seq 1 $COUNT_SOURCE_IP) ; do
 TARGET_PORT=$(eval "echo \${"TARGET_PORT_$target_port_index"}")
 fi
+ # if case of pairs if indexes doesn't match then omit routing
+ if [ "$PAIRS" == "1"] && [ "$source_port_index" != "$target_port_index" ] ; then
+ continue;
+ fi;
+
 #############################
 # NSENTER Specific settings #
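Review bot: The `if`/`else` added under `COUNT_TARGET_PORT` in the first hunk is never closed: none of the added lines carries a `fi`, so unless one exists outside the hunk bash reads the rest of the file as the `else` branch and fails with a syntax error at end of file before the loop below runs; the last added line should be `else PAIRS="0"; fi`. The guard in the second hunk (whose trailing context is cut off on this page) has a related slip: `"1"]` lacks the space before `]`, so `[` fails with a missing-`]` error, the `&&` short-circuits and `continue` is never reached. With the guard inert, it appears every source port is still routed to every target port, which exposes more forwards than a paired configuration intends; the line should read `if [ "$PAIRS" == "1" ] && [ "$source_port_index" != "$target_port_index" ] ; then`. Inferring `PAIRS` from equal counts also changes behaviour silently for existing configurations that happen to have as many source as target ports, so an explicit opt-in setting would be safer.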