diff --git a/scripts/install b/scripts/install
index 5d73a8c..d38cdf2 100644
--- a/scripts/install
+++ b/scripts/install
@@ -16,26 +16,12 @@ ynh_script_progression --message="Storing installation settings..." --weight=2
 
 if [[ $dns_over_https == 0 ]]; then
     dns_over_https="true"
-    # no need to open the ports, as they were opened at the 'Provisioning ports' step
-    ynh_print_info --message="DoH and DoQ ports are open."
 else
     dns_over_https="false"
-    # if dns_over_https is false, we need to close ports,
-    # as they were opened at the 'Provisioning ports' step
-    ynh_print_info --message="Closing DoH and DoQ ports..."
-    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http" --no-reload
-    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
 fi
 
 ynh_app_setting_set --app="$app" --key=dns_over_https --value="$dns_over_https"
 
-
-# if the port 53 is not open, open it, it's mandatory to use AGH
-if ! yunohost firewall list | grep -q " 53$"; then
-    ynh_print_info --message="Opening port 53..."
-    ynh_exec_warn_less yunohost firewall allow Both 53
-fi
-
 if [[ $expose_port_53 == 0 ]]; then
     expose_port_53="true"
 else
@@ -46,6 +32,34 @@ ynh_app_setting_set --app="$app" --key=expose_port_53 --value="$expose_port_53"
 
 ynh_app_setting_set --app="$app" --key=new_password --value=""
 
+#=================================================
+# PROCESS OPENING/CLOSING PORTS
+#=================================================
+
+# if the port 53 is not open, open it, it's mandatory to use AGH
+if ! yunohost firewall list | grep -q " 53$"; then
+    ynh_print_info --message="Opening port 53..."
+    ynh_exec_warn_less yunohost firewall allow Both 53
+fi
+
+if [ "${dns_over_https:-}" = true ]; then
+	# if DoH and DoQ are closed
+	if ! yunohost firewall list | grep -q " $port_dns_over_http$" && ! yunohost firewall list | grep -q " $port_dns_over_quic$"; then
+		ynh_print_info --message="Opening DoH and DoQ ports..."
+		ynh_exec_warn_less yunohost firewall allow Both "$port_dns_over_http" --no-reload
+		ynh_exec_warn_less yunohost firewall allow UDP "$port_dns_over_quic"
+	else
+		# no need to open the ports, as they were opened at the 'Provisioning ports' step
+		ynh_print_info --message="DoH and DoQ ports are open."
+	fi
+else
+    # if dns_over_https is false, we need to close ports,
+    # as they were opened at the 'Provisioning ports' step
+    ynh_print_info --message="Closing DoH and DoQ ports..."
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http" --no-reload
+    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
+fi
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index af315a0..84b28de 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -12,23 +12,32 @@ source /usr/share/yunohost/helpers
 
 #=================================================
 # PROCESS OPENING/CLOSING PORTS
-# no need to open the DoH/DoQ ports, as they were opened at the 'Provisioning ports' step
 #=================================================
 
-if [ "$dns_over_https" == "false" ]; then
-    # if dns_over_https is false, we need to close ports,
-    # as they were opened at the 'Provisioning ports' step
-    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http" --no-reload
-    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
-fi
-
-
 # if the port 53 is not open, open it, it's mandatory to use AGH
 if ! yunohost firewall list | grep -q " 53$"; then
     ynh_print_info --message="Opening port 53..."
     ynh_exec_warn_less yunohost firewall allow Both 53
 fi
 
+if [ "${dns_over_https:-}" = true ]; then
+	# if DoH and DoQ are closed
+	if ! yunohost firewall list | grep -q " $port_dns_over_http$" && ! yunohost firewall list | grep -q " $port_dns_over_quic$"; then
+		ynh_print_info --message="Opening DoH and DoQ ports..."
+		ynh_exec_warn_less yunohost firewall allow Both "$port_dns_over_http" --no-reload
+		ynh_exec_warn_less yunohost firewall allow UDP "$port_dns_over_quic"
+	else
+		# no need to open the ports, as they were opened at the 'Provisioning ports' step
+		ynh_print_info --message="DoH and DoQ ports are open."
+	fi
+else
+    # if dns_over_https is false, we need to close ports,
+    # as they were opened at the 'Provisioning ports' step
+    ynh_print_info --message="Closing DoH and DoQ ports..."
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http" --no-reload
+    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
+fi
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index be9d0a6..9994107 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -29,12 +29,6 @@ ynh_systemd_action --service_name="$app" --action="stop"
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
 
-# if the port 53 is not open, open it, it's mandatory to use AGH
-if ! yunohost firewall list | grep -q " 53$"; then
-    ynh_print_info --message="Opening port 53..."
-    ynh_exec_warn_less yunohost firewall allow Both 53
-fi
-
 if [ -z "${expose_port_53:-}" ] && [ "${expose_port_53:-}" = true ]; then
     expose_port_53="true"
 	ynh_app_setting_set --app="$app" --key=expose_port_53 --value="$expose_port_53"
@@ -90,6 +84,34 @@ if [ -z "${new_password:-}" ]; then
 	ynh_app_setting_set --app="$app" --key=new_password --value=""
 fi
 
+#=================================================
+# PROCESS OPENING/CLOSING PORTS
+#=================================================
+
+# if the port 53 is not open, open it, it's mandatory to use AGH
+if ! yunohost firewall list | grep -q " 53$"; then
+    ynh_print_info --message="Opening port 53..."
+    ynh_exec_warn_less yunohost firewall allow Both 53
+fi
+
+if [ "${dns_over_https:-}" = true ]; then
+	# if DoH and DoQ are closed
+	if ! yunohost firewall list | grep -q " $port_dns_over_http$" && ! yunohost firewall list | grep -q " $port_dns_over_quic$"; then
+		ynh_print_info --message="Opening DoH and DoQ ports..."
+		ynh_exec_warn_less yunohost firewall allow Both "$port_dns_over_http" --no-reload
+		ynh_exec_warn_less yunohost firewall allow UDP "$port_dns_over_quic"
+	else
+		# no need to open the ports, as they were opened at the 'Provisioning ports' step
+		ynh_print_info --message="DoH and DoQ ports are open."
+	fi
+else
+    # if dns_over_https is false, we need to close ports,
+    # as they were opened at the 'Provisioning ports' step
+    ynh_print_info --message="Closing DoH and DoQ ports..."
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http" --no-reload
+    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
+fi
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================