diff --git a/common/ipt.sh b/common/ipt.sh
index 81c7f7a..ec5af86 100644
--- a/common/ipt.sh
+++ b/common/ipt.sh
@@ -328,7 +328,9 @@ produce_reverse_nfqws_rule()
 		# autottl - need only one incoming packet
 		[ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re "s/$ipt_connbytes [0-9]+:[0-9]+/$ipt_connbytes 1:1/")
 	else
-		rule="$ipt_connbytes 1:$(first_packets_for_mode) $rule"
+		local n=1
+		[ "$MODE_FILTER" = autohostlist ] && n=$(first_packets_for_mode)
+		rule="$ipt_connbytes 1:$n $rule"
 	fi
 	echo "$rule" | reverse_nfqws_rule_stream
 }
diff --git a/common/nft.sh b/common/nft.sh
index 20e1a3a..1acd64f 100644
--- a/common/nft.sh
+++ b/common/nft.sh
@@ -598,9 +598,13 @@ nft_produce_reverse_nfqws_rule()
 	if contains "$rule" "$nft_connbytes "; then
 		# autohostlist - need several incoming packets
 		# autottl - need only one incoming packet
-		[ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re 's/$nft_connbytes [0-9]+-[0-9]+/$nft_connbytes 1-1/')
+		[ "$MODE_FILTER" = autohostlist ] || rule=$(echo "$rule" | sed -re "s/$nft_connbytes [0-9]+-[0-9]+/$nft_connbytes 1/")
 	else
-		rule="$nft_connbytes 1-$(first_packets_for_mode) $rule"
+		# old nft does not swallow 1-1
+		local range=1
+		[ "$MODE_FILTER" = autohostlist ] && range=$(first_packets_for_mode)
+		[ "$range" = 1 ] || range="1-$range"
+		rule="$nft_connbytes $range $rule"
 	fi
 	nft_reverse_nfqws_rule $rule
 }