2 files changed, 6 insertions, 1 deletions

diff --git a/data/templates/firewall/nftables-defines.j2 b/data/templates/firewall/nftables-defines.j2
index 97fc123d5..5336f7ee6 100644
--- a/data/templates/firewall/nftables-defines.j2
+++ b/data/templates/firewall/nftables-defines.j2
@@ -7,6 +7,7 @@
     set A_{{ group_name }} {
         type {{ ip_type }}
         flags interval
+        auto-merge
 {%             if group_conf.address is vyos_defined or includes %}
         elements = { {{ group_conf.address | nft_nested_group(includes, group.address_group, 'address') | join(",") }} }
 {%             endif %}
@@ -19,6 +20,7 @@
     set A6_{{ group_name }} {
         type {{ ip_type }}
         flags interval
+        auto-merge
 {%             if group_conf.address is vyos_defined or includes %}
         elements = { {{ group_conf.address | nft_nested_group(includes, group.ipv6_address_group, 'address') | join(",") }} }
 {%             endif %}
@@ -42,6 +44,7 @@
     set N_{{ group_name }} {
         type {{ ip_type }}
         flags interval
+        auto-merge
 {%             if group_conf.network is vyos_defined or includes %}
         elements = { {{ group_conf.network | nft_nested_group(includes, group.network_group, 'network') | join(",") }} }
 {%             endif %}
@@ -54,6 +57,7 @@
     set N6_{{ group_name }} {
         type {{ ip_type }}
         flags interval
+        auto-merge
 {%             if group_conf.network is vyos_defined or includes %}
         elements = { {{ group_conf.network | nft_nested_group(includes, group.ipv6_network_group, 'network') | join(",") }} }
 {%             endif %}
@@ -66,6 +70,7 @@
     set P_{{ group_name }} {
         type inet_service
         flags interval
+        auto-merge
 {%             if group_conf.port is vyos_defined or includes %}
         elements = { {{ group_conf.port | nft_nested_group(includes, group.port_group, 'port') | join(",") }} }
 {%             endif %}
diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index c0780dad5..9d609f73f 100644
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -175,7 +175,7 @@ table ip6 vyos_filter {
 {%                 endif %}
 {%             endfor %}
 {%         endif %}
-        {{ conf | nft_default_rule(name_text) }}
+        {{ conf | nft_default_rule(name_text, ipv6=True) }}
     }
 {%     endfor %}
 {%     for set_name in ns.sets %}