diff --git a/src/freedombone b/src/freedombone
index f75883d6..5fe273c5 100755
--- a/src/freedombone
+++ b/src/freedombone
@@ -3910,6 +3910,9 @@ function configure_firewall_for_voip {
     if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
     iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
     save_firewall_settings
@@ -3923,6 +3926,9 @@ function configure_firewall_for_sip {
     if grep -Fxq "configure_firewall_for_sip" $COMPLETION_FILE; then
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
     iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
     save_firewall_settings
@@ -3936,6 +3942,9 @@ function configure_firewall_for_ipfs {
     if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
     save_firewall_settings
     echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
@@ -4049,6 +4058,9 @@ function configure_firewall_for_xmpp {
         # docker does its own firewalling
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
     iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
     iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
@@ -4067,6 +4079,9 @@ function configure_firewall_for_irc {
         # docker does its own firewalling
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
     iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
     save_firewall_settings
@@ -4081,6 +4096,9 @@ function configure_firewall_for_ftp {
         # docker does its own firewalling
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -I INPUT -p tcp --dport 1024:65535 --sport 20:21 -j ACCEPT
     save_firewall_settings
     echo 'configure_firewall_for_ftp' >> $COMPLETION_FILE
@@ -4094,6 +4112,9 @@ function configure_firewall_for_web_access {
         # docker does its own firewalling
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
     iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
     save_firewall_settings
@@ -4108,6 +4129,9 @@ function configure_firewall_for_web_server {
         # docker does its own firewalling
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p tcp --dport 80 -j ACCEPT
     iptables -A INPUT -p tcp --dport 443 -j ACCEPT
     save_firewall_settings
@@ -4122,6 +4146,9 @@ function configure_firewall_for_tox {
         # docker does its own firewalling
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
     save_firewall_settings
     echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
@@ -4149,6 +4176,9 @@ function configure_firewall_for_git {
         # docker does its own firewalling
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
     save_firewall_settings
     echo 'configure_firewall_for_git' >> $COMPLETION_FILE
@@ -4165,6 +4195,9 @@ function configure_firewall_for_email {
         # docker does its own firewalling
         return
     fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
     iptables -A INPUT -p tcp --dport 25 -j ACCEPT
     iptables -A INPUT -p tcp --dport 587 -j ACCEPT
     iptables -A INPUT -p tcp --dport 465 -j ACCEPT