diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm
index 2d1ae2603..b358848fe 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -436,7 +436,7 @@ sub validate_portpair( $$ ) {
     #
     # Accept '-' as a port-range separator
     #
-    $pair =~ tr/-/:/;
+    $pair =~ tr/-/:/ if $pair =~ /^[-0-9]+$/;
 
     fatal_error "Invalid port range ($portpair)" if $pair =~ tr/:/:/ > 1;
 
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index fb4ffb6bd..c44954264 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -2621,7 +2621,8 @@ DNAT       net        loc:192.168.1.3 tcp       <emphasis role="bold">4000:4100<
     "!4000:4100").</para>
 
     <para>Beginning with Shorewall 5.0.14, a hyphen ("-") may also be used to
-    separate the two port numbers.</para>
+    separate the two port numbers; when using service names, the colon must
+    still be used.</para>
 
     <programlisting>#ACTION    SOURCE     DESTINATION     PROTO     DPORT
 DNAT       net        loc:192.168.1.3 tcp       <emphasis role="bold">4000-4100</emphasis></programlisting>