diff --git a/etc/nftables/nftables-ns1.conf b/etc/nftables/nftables-ns1.conf
index 1fcc421..ec956c3 100644
--- a/etc/nftables/nftables-ns1.conf
+++ b/etc/nftables/nftables-ns1.conf
@@ -131,11 +131,11 @@ table inet filter {
 skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
 skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
- skuid powerdns meta l4proto tcp th sport 81 th dport >= 1024 notrack accept
+ skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept
- skuid dnsdist meta l4proto tcp th sport 5199 th dport >= 1024 notrack accept
+ skuid dnsdist tcp sport 5199 tcp dport >= 1024 notrack accept
- skuid zerotier-one meta l4proto tcp th sport 9993 th dport >= 1024 notrack accept
+ skuid zerotier-one tcp sport 9993 tcp dport >= 1024 notrack accept
 skuid != root counter goto graceful-reject notrack accept
diff --git a/etc/nftables/nftables-ns2.conf b/etc/nftables/nftables-ns2.conf
index 93b944b..14b2e15 100644
--- a/etc/nftables/nftables-ns2.conf
+++ b/etc/nftables/nftables-ns2.conf
@@ -129,9 +129,9 @@ table inet filter {
 skuid powerdns meta l4proto { tcp, udp } th sport 54 th dport >= 1024 notrack accept
 skuid dnsdist meta l4proto { tcp, udp } th sport >= 1024 th dport 54 notrack accept
- skuid powerdns meta l4proto tcp th sport 81 th dport >= 1024 notrack accept
+ skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept
- skuid dnsdist meta l4proto tcp th sport 5199 th dport >= 1024 notrack accept
+ skuid dnsdist tcp sport 5199 tcp dport >= 1024 notrack accept
 skuid != root counter goto graceful-reject notrack accept
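Review bot: Because these rules carry `notrack`, the new `skuid powerdns tcp sport 81 tcp dport >= 1024 notrack accept` line (and the dnsdist 5199 and zerotier-one 9993 lines below it, plus the same two lines in the nftables-ns2.conf hunk) is stateless and accepts any TCP segment that uid sends from source port 81, including a connection it initiates from that port, not only replies on an existing service connection. If reply traffic is the intent, a flags match keeps the rule stateless while excluding connection-opening segments: `skuid powerdns tcp sport 81 tcp dport >= 1024 tcp flags & (syn|ack) != syn notrack accept`. A one-line comment above this group naming the service behind each of 81, 5199 and 9993 would also help, since nothing in the file explains the ports. The enclosing chain begins before the hunk, and the hunk's blank context lines appear to have been lost in the paste.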