diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm
index ea5617bd9..7132d9141 100644
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@@ -55,6 +55,7 @@ our @EXPORT = qw( ALLIPv4
 DCCP
 IPv6_ICMP
 SCTP
+ GRE
 validate_address
 validate_net
@@ -117,6 +118,7 @@ use constant { ALLIPv4 => '0.0.0.0/0' ,
 TCP => 6,
 UDP => 17,
 DCCP => 33,
+ GRE => 47,
 IPv6_ICMP => 58,
 SCTP => 132,
 UDPLITE => 136 };
diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index f1168c73e..35932c756 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -59,6 +59,7 @@ sub process_notrack_rule( $$$$$$$ ) {
 my $target = $action;
 my $exception_rule = '';
+ my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
 unless ( $action eq 'NOTRACK' ) {
 ( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
@@ -96,7 +97,7 @@ sub process_notrack_rule( $$$$$$$ ) {
 expand_rule( $chainref ,
 $restriction ,
- do_proto( $proto, $ports, $sports ) . do_user ( $user ) ,
+ $rule,
 $source ,
 $dest ,
 '' ,
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index f36e703eb..49ecd7e48 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -488,7 +488,7 @@ sub process_tc_rule( ) {
 do_length( $length ) .
 do_tos( $tos ) .
 do_connbytes( $connbytes ) .
- do_helper( $helper ) .
+ do_helper( $helper, $proto ) .
 do_headers( $headers ) ,
 $source ,
 $dest ,
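Review bot: In process_tc_rule the new call `do_helper( $helper, $proto )` has none of the guards that this commit adds before the same call in process_tc_priority (a PROTO is required when a HELPER is given, and the protocol must resolve). do_helper is defined outside this diff, so it cannot be told from here whether it validates `$proto` itself. If it does, the two checks in process_tc_priority are redundant; if it does not, a rule with a helper and no usable protocol reaches the rule builder unchecked here. Either move both `fatal_error` checks into do_helper, or repeat them before this call, e.g. `fatal_error( "A PROTO is required when a HELPER is specified" ) if $helper ne '-' && $proto eq '-';`. The enclosing expand_rule call starts and ends outside the hunk.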
@@ -1451,7 +1451,15 @@ sub process_tc_priority() {
 fatal_error "Invalid PRIORITY ($band)" unless $val && $val <= 3;
- my $rule = do_helper( $helper ) . "-j MARK --set-mark $band";
+ my $rule;
+
+ unless ( $helper eq '-' ) {
+ fatal_error( "A PROTO is required when a HELPER is specified" ) if $proto eq '-';
+ fatal_error( "Unknown protocol" ) unless defined resolve_protocol( $proto );
+ $rule = do_helper( $helper, $proto ) . "-j MARK --set-mark $band";
+ } else {
+ $rule = '';
+ }
 $rule .= join('', '/', in_hex( $globals{TC_MASK} ) ) if have_capability( 'EXMARK' );
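Review bot: The `else` branch sets `$rule = ''`, so an entry with no HELPER no longer carries `-j MARK --set-mark $band`, which the removed line appended unconditionally. The following `$rule .= join('', '/', in_hex( $globals{TC_MASK} ) )` then appends the mask to an empty string, so unless code after the hunk rebuilds the target, the generated rule has no MARK target and the priority band is never applied. The else branch should read `$rule = "-j MARK --set-mark $band";`. Separately, `fatal_error( "Unknown protocol" )` should name the offending value as the neighbouring `Invalid PRIORITY ($band)` message does, e.g. `fatal_error( "Unknown protocol ($proto)" )`. The body of process_tc_priority continues outside the hunk.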