diff --git a/harden b/harden
index 6c51baf..9ca6119 100755
--- a/harden
+++ b/harden
@@ -515,7 +515,7 @@ function dynamicDockerPortsCronjob {
 CURRENT_DOCKER_PORTS="$(DOCKER_HOST=unix:///run/user/"$(id -u secdep)"/docker.sock /home/secdep/bin/docker ps --format '{{.Ports}}' | rev | cut -d'/' -f2 | sed 's@^[^0-9]*\([0-9]\+\).*@\1@' | rev | sort -u | tr '\n' ' ')"
 # Get the current ports allowed by the firewall
 CURRENT_FIREWALL_PORTS_FIREWALLD_CMD="$(sudo firewall-cmd --list-ports | tr '\n' ' ')"
-CURRENT_FIREWALL_PORTS_UFW_CMD="$(sudo ufw status numbered | awk '{print $3}' | sed '/^[[:space:]]*$/d' | \grep -Eow '[[:digit:]]+' | sort -u | tr '\n' ' ')"
+CURRENT_FIREWALL_PORTS_UFW_CMD="$(sudo ufw status numbered | grep -i allow | awk '{print $3}' | sed '/^[[:space:]]*$/d' | \grep -Eow '[[:digit:]]+' | sort -u | tr '\n' ' ')"
 # Determine if ufw or firewalld is currently used
 whereis ufw | grep -q /ufw && currentFirewall="ufw" || currentFirewall="firewalld"
 # Find which ports are not allowed by the firewall but are used by docker