diff --git a/bundles/nftables/metadata.py b/bundles/nftables/metadata.py
index 7f79932..721c1e7 100644
--- a/bundles/nftables/metadata.py
+++ b/bundles/nftables/metadata.py
@@ -58,7 +58,7 @@ def port_rules_to_nftables(metadata):
 if port == '*' and target == '*':
 raise BundleError('firewall/port_rules: setting both port and target to * is unsupported')
- comment = f'# port_rules {target}'
+ comment = f'comment "port_rules {target}"'
 if port != '*':
 if ':' in port:
@@ -73,6 +73,10 @@ def port_rules_to_nftables(metadata):
 if target == '*':
 ruleset.add(f'{prefix}{proto} {port_str}accept {comment}')
+ elif target == 'ipv4':
+ ruleset.add(f'{prefix}{proto} {port_str}ip version 4 accept {comment}')
+ elif target == 'ipv6':
+ ruleset.add(f'{prefix}{proto} {port_str}ip6 version 6 accept {comment}')
 else:
 resolved = repo.libs.tools.resolve_identifier(repo, target)
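Review bot: `target` is interpolated unescaped into the double-quoted nftables comment on the new `comment = f'comment "port_rules {target}"'` line, so a `"` in the value ends the comment early and the rest of the value is parsed as rule syntax. The old `# ...` form kept everything up to the end of the line inert. No validation of `target` is visible in this hunk, and `port_rules_to_nftables` starts and ends outside it, so this may already be handled elsewhere. If it is not, reject such values before building the string, e.g. `if '"' in target or '\n' in target: raise BundleError(f'firewall/port_rules: invalid character in target {target!r}')`.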
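Review bot: The new `ipv4` and `ipv6` targets are not covered by the guard shown in the first hunk, which rejects only `port == '*' and target == '*'`. A `*` port with `ipv4`, plus a second rule with `ipv6`, would therefore seem to produce the accept-everything rules that the guard refuses; this is hedged, since how `port_str` and `proto` are built is outside the hunk. If the guard exists to prevent that exposure, widen it to `if port == '*' and target in ('*', 'ipv4', 'ipv6'):`. The two literals also now take precedence over `resolve_identifier`, so a node or group named `ipv4` or `ipv6` is silently shadowed; a comment above the branch such as `# 'ipv4'/'ipv6' are reserved targets: any source of that address family` would make this explicit.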