--- a/netfilter/iptcrdr.c
+++ b/netfilter/iptcrdr.c
@@ -1116,9 +1116,13 @@ addnatrule(int proto, unsigned short epo
 	} else {
 		match = get_udp_match(eport, 0);
 	}
-	e->nfcache = NFC_IP_DST_PT;
+#ifdef NFC_UNKNOWN
+	e->nfcache = NFC_UNKNOWN;
+#endif
 	target = get_dnat_target(iaddr, iport);
-	e->nfcache |= NFC_UNKNOWN;
+#ifdef NFC_IP_DST_PT
+	e->nfcache |= NFC_IP_DST_PT;
+#endif
 	tmp = realloc(e, sizeof(struct ipt_entry)
 	               + match->u.match_size
 				   + target->u.target_size);
@@ -1186,9 +1190,13 @@ addmasqueraderule(int proto,
 	} else {
 		match = get_udp_match(0, iport);
 	}
-	e->nfcache = NFC_IP_DST_PT;
+#ifdef NFC_UNKNOWN
+        e->nfcache = NFC_UNKNOWN;
+#endif
 	target = get_masquerade_target(eport);
-	e->nfcache |= NFC_UNKNOWN;
+#ifdef NFC_IP_DST_PT
+	e->nfcache |= NFC_IP_DST_PT;
+#endif
 	tmp = realloc(e, sizeof(struct ipt_entry)
 	               + match->u.match_size
 				   + target->u.target_size);
@@ -1266,9 +1274,16 @@ addpeernatrule(int proto,
 	} else {
 		match = get_udp_match(rport, iport);
 	}
-	e->nfcache = NFC_IP_DST_PT | NFC_IP_SRC_PT;
+#ifdef NFC_UNKNOWN
+        e->nfcache = NFC_UNKNOWN;
+#endif
 	target = get_snat_target(eaddr, eport);
-	e->nfcache |= NFC_UNKNOWN;
+#ifdef NFC_IP_DST_PT
+	e->nfcache |= NFC_IP_DST_PT;
+#endif
+#ifdef NFC_IP_SRC_PT
+	e->nfcache |= NFC_IP_SRC_PT;
+#endif
 	tmp = realloc(e, sizeof(struct ipt_entry)
 	               + match->u.match_size
 				   + target->u.target_size);
@@ -1337,9 +1352,16 @@ addpeerdscprule(int proto, unsigned char
 	} else {
 		match = get_udp_match(rport, iport);
 	}
-	e->nfcache = NFC_IP_DST_PT | NFC_IP_SRC_PT;
+#ifdef NFC_UNKNOWN
+	e->nfcache = NFC_UNKNOWN;
+#endif
 	target = get_dscp_target(dscp);
-	e->nfcache |= NFC_UNKNOWN;
+#ifdef NFC_IP_DST_PT
+	e->nfcache |= NFC_IP_DST_PT;
+#endif
+#ifdef NFC_IP_SRC_PT
+	e->nfcache |= NFC_IP_SRC_PT;
+#endif
 	tmp = realloc(e, sizeof(struct ipt_entry)
 	               + match->u.match_size
 				   + target->u.target_size);
@@ -1420,11 +1442,15 @@ add_filter_rule(int proto, const char *
 	} else {
 		match = get_udp_match(iport,0);
 	}
-	e->nfcache = NFC_IP_DST_PT;
 	e->ip.dst.s_addr = inet_addr(iaddr);
 	e->ip.dmsk.s_addr = INADDR_NONE;
+#ifdef NFC_UNKNOWN
+	e->nfcache = NFC_UNKNOWN;
+#endif
 	target = get_accept_target();
-	e->nfcache |= NFC_UNKNOWN;
+#ifdef NFC_IP_DST_PT
+	e->nfcache |= NFC_IP_DST_PT;
+#endif
 	tmp = realloc(e, sizeof(struct ipt_entry)
 	               + match->u.match_size
 				   + target->u.target_size);