2023-09-07 05:35:52 +03:00
parent 6eaa744604
commit d970dda554

7
harden

@@ -512,7 +512,7 @@ function dynamicDockerPortsCronjob {
cat << 'TOHERE' | sudo tee /root/bin/dynamic_docker_ports_cronjob.sh > /dev/null 2>&1
#!/usr/bin/env bash
# Get the current ports used by docker
CURRENT_DOCKER_PORTS="$(DOCKER_HOST=unix:///run/user/"$(id -u secdep)"/docker.sock /home/secdep/bin/docker ps --format '{{.Ports}}' | rev | cut -d'/' -f2 | sed 's@^[^0-9]*\([0-9]\+\).*@\1@' | rev | sort -u | tr '\n' ' ')"
CURRENT_DOCKER_PORTS="$(DOCKER_HOST=unix:///run/user/"$(id -u secdep)"/docker.sock /home/secdep/bin/docker ps --format '{{.Ports}}' | tr ' ' '\n' | rev | cut -d'/' -f2 | sed 's@^[^0-9]*\([0-9]\+\).*@\1@' | rev | sort -u | tr '\n' ' ')"
# Get the current ports allowed by the firewall
CURRENT_FIREWALL_PORTS_FIREWALLD_CMD="$(sudo firewall-cmd --list-ports | tr '\n' ' ')"
CURRENT_FIREWALL_PORTS_UFW_CMD="$(sudo ufw status numbered | grep -i allow | awk '{print $3}' | sed '/^[[:space:]]*$/d' | \grep -Eow '[[:digit:]]+' | sort -u | tr '\n' ' ')"
@@ -601,11 +601,6 @@ if [[ -n "$OLD_PORTS" ]]; then
done
fi
sudo ufw allow 22100/tcp
# Reallow the ports that portainer and watchtower use
# just in case they were removed by the script above
sudo ufw allow 9443/tcp
sudo ufw allow 8000/tcp
sudo ufw allow 8080/tcp
if [[ "$currentFirewall" == "firewalld" ]]; then
sudo firewall-cmd --reload
else
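Review bot: The port-extraction pipeline on the CURRENT_DOCKER_PORTS line (the variant with `tr ' ' '\n'`, which I take to be the new side) keeps the digits immediately before the `/tcp` suffix, which in `docker ps --format '{{.Ports}}'` output such as `0.0.0.0:8080->80/tcp` is the container-side port (80), not the published host port (8080), and an unpublished exposure like `80/tcp` yields a port as well. Since the firewall rules are reconciled against this list, a container published on a host port different from the one it listens on would have the wrong port opened and its real port dropped — a gap that matters more now that the second hunk removes the unconditional re-allow of 9443/8000/8080. Matching the host side explicitly avoids both problems: `CURRENT_DOCKER_PORTS="$(DOCKER_HOST=unix:///run/user/"$(id -u secdep)"/docker.sock /home/secdep/bin/docker ps --format '{{.Ports}}' | grep -oE ':[0-9]+->' | sed 's/[^0-9]//g' | sort -u | tr '\n' ' ')"`. Separately, the command substitution only reports `tr`'s exit status, so an unreachable rootless socket silently produces an empty list; it is worth checking that `docker ps` itself succeeded before reconciling rules. dynamicDockerPortsCronjob and the generated cron script continue outside both hunks.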