diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index 0d3bdb40b..06c6fba93 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -138,10 +138,12 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
 
 	require_capability 'CT_TARGET', 'CT entries in the conntrack file', '';
 
-	if ( $proto =~ s/:all$// ) {
-	    fatal_error '":all" may only be used with TCP' unless resolve_proto( $proto ) == TCP;
-	} else {
-	    $proto = TCP . ':syn' if $proto !~ /:syn/ && resolve_proto( $proto ) == TCP;
+	if ( $proto ne '-' ) {
+	    if ( $proto =~ s/:all$// ) {
+		fatal_error '":all" may only be used with TCP' unless resolve_proto( $proto ) == TCP;
+	    } else {
+		$proto = TCP . ':syn' if $proto !~ /:syn/ && resolve_proto( $proto ) == TCP;
+	    }
 	}
 
 	if ( $option eq 'notrack' ) {