diff --git a/setup/start/cloudron-firewall.sh b/setup/start/cloudron-firewall.sh
index 336d4e4e9..77b470648 100755
--- a/setup/start/cloudron-firewall.sh
+++ b/setup/start/cloudron-firewall.sh
@@ -23,11 +23,19 @@ iptables -t filter -A CLOUDRON -p tcp -m tcp -m multiport --dports 22,25,80,202,
 # whitelist any user ports
 ports_json="/home/yellowtent/boxdata/firewall/ports.json"
 if allowed_tcp_ports=$(node -e "console.log(JSON.parse(fs.readFileSync('${ports_json}', 'utf8')).allowed_tcp_ports.join(','))" 2>/dev/null); then
- [[ -n "${allowed_tcp_ports}" ]] && iptables -A CLOUDRON -p tcp -m tcp -m multiport --dports "${allowed_tcp_ports}" -j ACCEPT
+ IFS=',' arr=(${allowed_tcp_ports});
+ for p in "${arr[@]}"
+ do
+ iptables -A CLOUDRON -p tcp -m tcp --dport "${p}" -j ACCEPT
+ done
 fi
 
 if allowed_udp_ports=$(node -e "console.log(JSON.parse(fs.readFileSync('${ports_json}', 'utf8')).allowed_udp_ports.join(','))" 2>/dev/null); then
- [[ -n "${allowed_tcp_ports}" ]] && iptables -A CLOUDRON -p udp -m udp -m multiport --dports "${allowed_tcp_ports}" -j ACCEPT
+ IFS=',' arr=(${allowed_udp_ports});
+ for p in "${arr[@]}"
+ do
+ iptables -A CLOUDRON -p udp -m udp --dport "${p}" -j ACCEPT
+ done
 fi
 
 # turn and stun service
@@ -92,3 +100,5 @@ fi
 # Workaround issue where Docker insists on adding itself first in FORWARD table
 iptables -D FORWARD -j CLOUDRON_RATELIMIT || true
 iptables -I FORWARD 1 -j CLOUDRON_RATELIMIT
+
+echo "==> Setting up firewall done"
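Review bot: `IFS=',' arr=(${allowed_tcp_ports});` has no command after the two assignments, so it changes IFS for the rest of the script instead of only for the split, and the unquoted expansion is also open to pathname globbing; the same line is repeated in the UDP branch. `IFS=',' read -r -a arr <<< "${allowed_tcp_ports}"` (and the `allowed_udp_ports` equivalent) scopes IFS to the `read` and yields an empty array for an empty list. Each entry now goes straight to `--dport`, which also accepts `first:last` ranges, so a guard such as `[[ "${p}" =~ ^[0-9]+$ ]] || continue` at the top of each loop would keep a malformed or over-broad entry in ports.json from becoming an ACCEPT rule. Whether later parts of the script rely on the default IFS is not visible from this hunk.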