diff --git a/firewall.py b/firewall.py
index b93c416..926ea70 100755
--- a/firewall.py
+++ b/firewall.py
@@ -175,7 +175,7 @@ class SNat(RestrictiveBaseModel):
 class Nat(RestrictiveBaseModel):
- protocols: set[str] = {"icmp", "udp", "tcp"}
+ protocols: set[str] | None = {"icmp", "udp", "tcp"}
 src: AutoSet[IPv4Network | ZoneName]
 dst: AutoSet[IPv4Network | ZoneName]
 snat: SNat
@@ -573,13 +573,14 @@ def parse_nat(nat: list[Nat], zones: Zones) -> nft.Table:
 )
 )
- rule.stmts.append(
- nft.Match(
- op="==",
- left=nft.Payload(protocol="ip", field="protocol"),
- right=entry.protocols,
+ if entry.protocols is not None:
+ rule.stmts.append(
+ nft.Match(
+ op="==",
+ left=nft.Payload(protocol="ip", field="protocol"),
+ right=entry.protocols,
+ )
 )
- )
 rule.stmts.append(
 nft.Snat(
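Review bot: The `Nat.protocols` declaration in the first hunk now accepts `None`, but nothing at the field says what that value means. Going by the second hunk, `None` removes the protocol match entirely, so the source-NAT rule then applies to every IP protocol rather than only the default icmp/udp/tcp. Because that widens what gets translated, I would state it at the field, e.g. `# None disables the protocol match: the rule then covers all IP protocols, not only the default three`. The default value is unchanged, so configs that omit the key should behave as before.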
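Review bot: An empty `protocols` set still passes the new `if entry.protocols is not None:` guard in the second hunk and is handed to `nft.Match` as `right=entry.protocols`. That makes an empty list and `None` mean very different things: a comparison against an empty set versus no protocol restriction at all. How the nft layer renders an empty set is not visible here, so this needs confirming. If an empty set is never meaningful, rejecting it in the `Nat` model is safer than letting a config slip decide the NAT scope. parse_nat starts and ends outside this hunk, so an earlier check may already cover this.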