diff --git a/openwrt/files/ua2f.init b/openwrt/files/ua2f.init
index 519c394..399da6c 100755
--- a/openwrt/files/ua2f.init
+++ b/openwrt/files/ua2f.init
@@ -36,6 +36,7 @@ setup_firewall() {
 	config_get_bool handle_mmtls "firewall" "handle_mmtls" "0"
 
 	if [ -n "$FW4" ]; then
+	  modprobe nf_conntrack
 		nft -f- <<-EOF
 			table inet ua2f {
 				set localaddr_v4 {
@@ -66,6 +67,8 @@ setup_firewall() {
 				chain prerouting {
 					type filter hook prerouting priority mangle -5; policy accept;
 
+          meta l4proto != tcp counter return comment "!ua2f: not tcp";
+
 					ip daddr @localaddr_v4 counter return;
 					ip6 daddr @localaddr_v6 counter return;