diff --git a/config/action.d/nftables.conf b/config/action.d/nftables.conf
index c1fb8550..77cf3661 100644
--- a/config/action.d/nftables.conf
+++ b/config/action.d/nftables.conf
@@ -34,7 +34,7 @@ type = multiport
 
 rule_match-custom =
 rule_match-allports = meta l4proto \{ <protocol> \}
-rule_match-multiport = $proto dport \{ <port> \}
+rule_match-multiport = $proto dport \{ $(echo '<port>' | sed s/:/-/g) \}
 match = <rule_match-<type>>
 
 # Option:  rule_stat
diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
index b771ab50..f1b667b1 100644
--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@@ -1296,11 +1296,11 @@ class ServerConfigReaderTests(LogCaptureTestCase):
 				),
 				'ip4-start': (
 					r"`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`",
-					r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip saddr @addr-set-j-w-nft-mp reject`",
+					r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`",
 				), 
 				'ip6-start': (
 					r"`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`",
-					r"`nft add rule inet f2b-table f2b-chain $proto dport \{ http,https \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
+					r"`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`",
 				),
 				'flush': (
 					"`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || ",