diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf
index b3a33cf2..905312c3 100644
--- a/config/action.d/pf.conf
+++ b/config/action.d/pf.conf
@@ -26,7 +26,8 @@
 #     }
 # to your main pf ruleset, where "namei" are the names of the jails
 # which invoke this action
-actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f- 
+actionstart = echo "table <<tablename>-<name>> persist counters" | <pfctl> -f-
+              port="<port>"; if [ "$port" != "" ] && case "$port" in \{*) false;; esac; then port="{$port}"; fi
               echo "<block> proto <protocol> from <<tablename>-<name>> to <actiontype>" | <pfctl> -f-
 
 # Option:  start_on_demand - to start action on demand
@@ -119,5 +120,5 @@ allports = any
 # Option: multiport
 # Notes.: addition to block access only to specific ports
 # Usage.: use in jail config: "banaction = pf[actiontype=<multiport>]"
-multiport = any port {<port>}
+multiport = any port $port
 
diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
index a5e93d2d..8485aa74 100644
--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@@ -1503,7 +1503,8 @@ class ServerConfigReaderTests(LogCaptureTestCase):
 					'ip4': (), 'ip6': (),
 					'start': (
 						'`echo "table <f2b-j-w-pf> persist counters" | pfctl -a f2b/j-w-pf -f-`',
-						'`echo "block quick proto tcp from <f2b-j-w-pf> to any port {<port>}" | pfctl -a f2b/j-w-pf -f-`',
+						'port="<port>"',
+						'`echo "block quick proto tcp from <f2b-j-w-pf> to any port $port" | pfctl -a f2b/j-w-pf -f-`',
 					),
 					'flush': (
 						'`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T flush`',
@@ -1525,7 +1526,8 @@ class ServerConfigReaderTests(LogCaptureTestCase):
 					'ip4': (), 'ip6': (),
 					'start': (
 						'`echo "table <f2b-j-w-pf-mp> persist counters" | pfctl -a f2b/j-w-pf-mp -f-`',
-						'`echo "block quick proto tcp from <f2b-j-w-pf-mp> to any port {http,https}" | pfctl -a f2b/j-w-pf-mp -f-`',
+						'port="http,https"',
+						'`echo "block quick proto tcp from <f2b-j-w-pf-mp> to any port $port" | pfctl -a f2b/j-w-pf-mp -f-`',
 					),
 					'flush': (
 						'`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T flush`',