diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 9824ca6dd..093e9f85e 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1293,10 +1293,12 @@ sub process_rule1 ( $$$$$$$$$$$$$ ) {
 	    $loglevel = '';
 	}
 
-	unless ( $origdest eq '-' ) {
-	    require_capability( 'CONNTRACK_MATCH', 'ORIGINAL DEST in a non-NAT rule', 's' ) unless $actiontype & NATRULE;
-	} else {
-	    $origdest = '';
+	if ( $origdest ) {
+	    unless ( $origdest eq '-' ) {
+		require_capability( 'CONNTRACK_MATCH', 'ORIGINAL DEST in a non-NAT rule', 's' ) unless $actiontype & NATRULE;
+	    } else {
+		$origdest = '';
+	    }
 	}
 
 	$rule .= "-m conntrack --ctorigdstport $origdstports " if $capabilities{NEW_CONNTRACK_MATCH} && $origdstports;