diff --git a/defaults/main.yaml b/defaults/main.yaml
index 781d17f..035c4f8 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -30,6 +30,12 @@ firewall_basic_rules:
     to_port: "22"
     from_ip: "192.168.10.55"
 firewall_host_rules: []
+firewall_portless_protocols:
+  - "ah"
+  - "esp"
+  - "gre"
+  - "igmp"
+  - "vrrp"
 
 # ntp
 ntp_server: "time.cloudflare.com"
diff --git a/tasks/firewall.yaml b/tasks/firewall.yaml
index 048d5d2..515c154 100644
--- a/tasks/firewall.yaml
+++ b/tasks/firewall.yaml
@@ -60,7 +60,8 @@
     direction: "in"
     proto: "{{ item.proto | default('tcp') }}"
     from_ip: "{{ item.from_ip }}"
-    to_port: "{{ item.to_port }}"
+    to_port:
+      "{{ omit if (item.proto | default('tcp')) in common_firewall_portless_protocols else item.to_port }}"
 loop: "{{ __firewall_all_rules }}"
 loop_control:
   label: " {{ item.name }}"
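Review bot: The new `to_port` expression in tasks/firewall.yaml tests membership in `common_firewall_portless_protocols`, but the list this commit adds to defaults/main.yaml is named `firewall_portless_protocols`; unless the `common_`-prefixed name is defined somewhere outside this diff, the template hits an undefined variable and the task errors on every rule, portless or not. The line should read `to_port: "{{ omit if (item.proto | default('tcp')) in firewall_portless_protocols else item.to_port }}"` (or the default should be renamed to match the task). Because a match drops the port entirely and therefore allows the whole protocol from `from_ip`, it is worth making the match predictable: the `in` test is case-sensitive, so a rule written as `proto: "ESP"` would presumably not match and would then depend on a `to_port` the author never intended to set — lowercasing the proto before the comparison (`(item.proto | default('tcp') | lower) in ...`) avoids that. The task that owns these module arguments starts above the hunk, so the module name and any existing `when:` guard are not visible here.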