> --ports port[,port[,port...]] > Match if the both the source and destination ports are > equal to each other and to one of the given ports. There are few daemons which bind to the portnumber they are listening on. BIND could be configured to use a fixed port (e.g. 53) as the source port, and thus would be a possible use for --ports, because most destination ports for dns are 53, _too_.
