allow inside user in an internet ACL

kamal gargoum
Level 1

I applied an access list on the internet interface to permit only the ports in use and deny the others for our local users, but when I tried to add an exception for a host in the access list it didn't work; it keeps treating him as before, and when I checked the access list I found that there were no hits on the host line. Does that mean the packet sourced from the host changes its source when leaving through the internet interface, and that is why I didn't find a hit in the access list?

Please help me with this problem: how can I permit only this host to use any port?

This is a sample of the configuration:

ip access-list extended internet-access
 permit ip host 192.168.3.43 any
 permit icmp any any
 permit tcp any any eq 3344
 permit tcp any any eq 3390
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq 22
 permit tcp any any eq domain
 permit udp any any eq domain
 permit tcp any any eq telnet
 permit tcp any any eq smtp
 permit tcp any any eq 587
 permit tcp any any eq 465
 permit udp any any eq tftp
 permit udp any any eq snmp
!
interface GigabitEthernet0/2.705
 description $INTERNET_OUTSIDE$
 encapsulation dot1Q 705
 ip address XX.XX.XX.XX 255.255.255.240
 ip access-group internet-access out
 ip nat outside
 ip virtual-reassembly in

REGARDS

Accepted Solution

Jon Marshall
Hall of Fame

Basically yes to what you say.

From inside to outside, NAT happens before an outbound ACL is checked, so the private IP has already been translated.

If you wanted to control access this way, you would need to move the ACL to the inside interface and apply it inbound; then you would be able to control traffic for certain hosts.

Jon

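To make the order-of-operations point concrete, here is an added model (not Cisco code and not from either poster) of how the same packet from 192.168.3.43 is evaluated against a subset of the ACL above, once with the ACL outbound on the NAT outside interface and once inbound on the inside interface. The public address is a placeholder for the XX.XX.XX.XX in the config, and the packet is constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed model of IOS inside->outside processing as described in the thread.
INSIDE_HOST = ip_address("192.168.3.43")   # host the asker wanted to exempt
NAT_OUTSIDE = ip_address("203.0.113.10")   # placeholder for the real XX.XX.XX.XX

# Subset of the asker's ACL as (protocol, source network, destination port).
# "ip" matches any protocol; a None port means any port ("permit ip host ... any").
ACL = [
    ("ip", ip_network("192.168.3.43/32"), None),
    ("tcp", ip_network("0.0.0.0/0"), 22),
    ("udp", ip_network("0.0.0.0/0"), 53),
]

def nat_inside_to_outside(pkt):
    """Source NAT (ip nat inside -> ip nat outside): rewrite the private source."""
    return {**pkt, "src": NAT_OUTSIDE}

def acl_lookup(pkt, acl):
    """Index of the first matching ACE, or None for the implicit deny at the end."""
    for i, (proto, src_net, dport) in enumerate(acl):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if pkt["src"] not in src_net:
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        return i
    return None

def forward(pkt, placement):
    """Apply NAT and the ACL in the order IOS uses for the given placement.
    'outside-out': translate first, then check (the asker's configuration).
    'inside-in'  : check the untranslated packet, then translate (the fix).
    Returns (permitted, matched ACE index or None, source address the ACL saw)."""
    if placement == "outside-out":
        seen = nat_inside_to_outside(pkt)
    else:
        seen = pkt
    hit = acl_lookup(seen, ACL)
    return hit is not None, hit, seen["src"]

if __name__ == "__main__":
    rdp = {"proto": "tcp", "src": INSIDE_HOST, "dport": 3389}  # port not in the ACL
    for placement in ("outside-out", "inside-in"):
        ok, ace, seen = forward(rdp, placement)
        print(f"{placement}: ACL saw src={seen}, ACE hit={ace}, permitted={ok}")
```

With the ACL outbound on the outside interface the host line (ACE 0) is never hit because the ACL only ever sees the translated address; inbound on the inside interface it matches and the host is permitted on any port.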

2 Replies


Thank you.

I did what you said and it worked fine.

Thank you again.
