We take the output of journalctl since the last boot (-b flag) and output from PROTO= until the EOL. Then, we remove identification tags (PROTO=/SPT=/DPT=/LEN=) and print just the protocol and destination port (cols 1 and 3). We sort the output properly so we can aggregate them on the call over uniq.

• Only works on Linux
• You use firewalld and you have logging set on ALL (see firewalld.conf for details)
• You use journald for logging
• Your user has sudo privileges