diff --git a/firewallmngr/files/firewall.portmap b/firewallmngr/files/firewall.portmap
index db022fbaa..731761b76 100755
--- a/firewallmngr/files/firewall.portmap
+++ b/firewallmngr/files/firewall.portmap
@@ -3,17 +3,17 @@
 . /lib/functions.sh
 
 reorder_dnat_rules() {
-	nat_chains=$(iptables -t nat -S | grep -E "^-N zone[a-zA-Z0-9_]+prerouting$" | cut -d' ' -f 2)
+	nat_chains=$(iptables -w -t nat -S | grep -E "^-N zone[a-zA-Z0-9_]+prerouting$" | cut -d' ' -f 2)
 
 	for chain in ${nat_chains}; do
 		# Collect empty remote host & empty dport rules
-		EMPTY_HOST_PORT=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep -v "\-s ")
+		EMPTY_HOST_PORT=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep -v "\-s ")
 
 		# Collect empty remote host but non empty dport rules
-		EMPTY_HOST=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep "\-\-dport" | grep -v "\-s ")
+		EMPTY_HOST=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep "\-\-dport" | grep -v "\-s ")
 
 		# Collect non empty remote host but empty dport rules
-		EMPTY_PORT=$(iptables -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep "\-s ")
+		EMPTY_PORT=$(iptables -w -t nat -S ${chain} | grep -E "REDIRECT|DNAT" | grep -v "\-\-dport" | grep "\-s ")
 
 		# Skip this chain if no matching rules were found
 		[ -n "${EMPTY_HOST_PORT}" -o -n "${EMPTY_HOST}" -o -n "${EMPTY_PORT}" ] || continue