diff --git a/sshd.go b/sshd.go
index b0ef979..f339332 100644
--- a/sshd.go
+++ b/sshd.go
@@ -252,7 +252,19 @@ func handleTcpIpForward(client *sshClient, req *ssh.Request) (net.Listener, *bin
 return nil, nil, fmt.Errorf("Address is not permitted")
 }
- // TODO: Check port
+ ok := false
+ for _, port := range client.AllowedRemotePorts {
+ if payload.Port == port {
+ ok = true
+ break
+ }
+ }
+
+ if !ok {
+ log.Printf("Port is not permitted.")
+ req.Reply(false, []byte{})
+ return nil, nil, fmt.Errorf("Port is not permitted")
+ }
 laddr := payload.Addr
 lport := payload.Port
@@ -294,7 +306,6 @@ func handleListener(client *sshClient, bindinfo *bindInfo, listener net.Listener
 break
 }
- // TODO: I don't think a goroutine is required here
 go handleForwardTcpIp(client, bindinfo, lconn)
 }
 }
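Review bot: The rejection path logs only `Port is not permitted.`, so a denied forward leaves no record of which port or bind address was requested. These denials are a useful audit signal, so I would log the request fields, e.g. `log.Printf("Port %v is not permitted (addr %q)", payload.Port, payload.Addr)`, with `%q` because the address string comes from the client. Separately, RFC 4254 lets a client send port 0 to have the server pick the port, so the check deserves a comment stating that 0 must never appear in `AllowedRemotePorts`, or an explicit `payload.Port == 0` rejection; otherwise the port actually bound could fall outside the allow-list. Whether the code after `lport := payload.Port` handles 0 is not visible here, since handleTcpIpForward starts and ends outside the hunk.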