diff --git a/src/freedombone-utils-avahi b/src/freedombone-utils-avahi
index f30fe11f..705dada4 100755
--- a/src/freedombone-utils-avahi
+++ b/src/freedombone-utils-avahi
@@ -126,4 +126,19 @@ function install_avahi {
     mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_avahi {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    iptables -A INPUT -p tcp --dport 548 -j ACCEPT
+    iptables -A INPUT -p udp --dport 548 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
+    iptables -A INPUT -p udp --dport 5353 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
+    iptables -A INPUT -p udp --dport 5354 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-dns b/src/freedombone-utils-dns
index b53351c4..9dcee072 100755
--- a/src/freedombone-utils-dns
+++ b/src/freedombone-utils-dns
@@ -203,4 +203,18 @@ function set_your_domain_name {
     mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_dns {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+    iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index d54ac5d5..6079f491 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -118,97 +118,6 @@ function configure_firewall_ping {
     mark_completed $FUNCNAME
 }
 
-function configure_firewall_for_avahi {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    iptables -A INPUT -p tcp --dport 548 -j ACCEPT
-    iptables -A INPUT -p udp --dport 548 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
-    iptables -A INPUT -p udp --dport 5353 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
-    iptables -A INPUT -p udp --dport 5354 -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_dns {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-    iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_web_access {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-        return
-    fi
-    firewall_remove 80 tcp
-    firewall_remove 443 tcp
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_web_server {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-        return
-    fi
-
-    firewall_add HTTP 80 tcp
-    firewall_add HTTPS 443 tcp
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_ssh {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-
-    firewall_add SSH ${SSH_PORT} tcp
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_git {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-        return
-    fi
-
-    firewall_add Git 9418 tcp
-    mark_completed $FUNCNAME
-}
-
 function configure_internet_protocol {
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return
diff --git a/src/freedombone-utils-git b/src/freedombone-utils-git
index 90e95392..ee297f30 100755
--- a/src/freedombone-utils-git
+++ b/src/freedombone-utils-git
@@ -136,4 +136,20 @@ function set_repo_commit {
     fi
 }
 
+function configure_firewall_for_git {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+
+    firewall_add Git 9418 tcp
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-ssh b/src/freedombone-utils-ssh
index 106a8204..a660fc26 100755
--- a/src/freedombone-utils-ssh
+++ b/src/freedombone-utils-ssh
@@ -139,4 +139,17 @@ function regenerate_ssh_keys {
     mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_ssh {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+
+    firewall_add SSH ${SSH_PORT} tcp
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index e0884ac2..d4b1b216 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -598,4 +598,20 @@ function remove_certs {
     fi
 }
 
+function configure_firewall_for_web_access {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+    firewall_add HTTP 80 tcp
+    firewall_add HTTPS 443 tcp
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0