diff --git a/data/templates/firewall/nftables.j2 b/data/templates/firewall/nftables.j2
index f810496f91..4cfa65f341 100755
--- a/data/templates/firewall/nftables.j2
+++ b/data/templates/firewall/nftables.j2
@@ -34,13 +34,13 @@ table ip6 raw {
 delete table ip vyos_filter
 {% endif %}
 table ip vyos_filter {
-{% if ipv4 is vyos_defined %}
-{% if flowtable is vyos_defined %}
-{% for name, flowtable_conf in flowtable.items() %}
+{% if flowtable is vyos_defined %}
+{% for name, flowtable_conf in flowtable.items() %}
 {{ offload_tmpl.flowtable(name, flowtable_conf) }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
+{% if ipv4 is vyos_defined %}
 {% set ns = namespace(sets=[]) %}
 {% if ipv4.forward is vyos_defined %}
 {% for prior, conf in ipv4.forward.items() %}
@@ -222,13 +222,13 @@ table ip vyos_filter {
 delete table ip6 vyos_filter
 {% endif %}
 table ip6 vyos_filter {
-{% if ipv6 is vyos_defined %}
-{% if flowtable is vyos_defined %}
-{% for name, flowtable_conf in flowtable.items() %}
+{% if flowtable is vyos_defined %}
+{% for name, flowtable_conf in flowtable.items() %}
 {{ offload_tmpl.flowtable(name, flowtable_conf) }}
-{% endfor %}
-{% endif %}
+{% endfor %}
+{% endif %}
+{% if ipv6 is vyos_defined %}
 {% set ns = namespace(sets=[]) %}
 {% if ipv6.forward is vyos_defined %}
 {% for prior, conf in ipv6.forward.items() %}
diff --git a/interface-definitions/include/firewall/default-action-base-chains.xml.i b/interface-definitions/include/firewall/default-action-base-chains.xml.i
index aa62abf3d0..3bfaf533a4 100644
--- a/interface-definitions/include/firewall/default-action-base-chains.xml.i
+++ b/interface-definitions/include/firewall/default-action-base-chains.xml.i
@@ -17,6 +17,5 @@ (drop|accept) - accept
diff --git a/python/vyos/template.py b/python/vyos/template.py
index 824d421361..8ffa3f3e9f 100755
--- a/python/vyos/template.py
+++ b/python/vyos/template.py 
@@ -600,7 +600,7 @@ def nft_rule(rule_conf, fw_hook, fw_name, rule_id, ip_name='ip'):
 @register_filter('nft_default_rule')
 def nft_default_rule(fw_conf, fw_name, family):
 output = ['counter']
- default_action = fw_conf['default_action']
+ default_action = fw_conf.get('default_action', 'accept')
 #family = 'ipv6' if ipv6 else 'ipv4'
 if 'default_log' in fw_conf:
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 89449c938f..5a98c76a52 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -650,6 +650,14 @@ def test_ipv4_global_state(self):
 self.cli_set(['firewall', 'global-options', 'state-policy', 'related', 'action', 'accept'])
 self.cli_set(['firewall', 'global-options', 'state-policy', 'invalid', 'action', 'drop'])
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '1', 'action', 'accept'])
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '1', 'protocol', 'tcp'])
+ self.cli_set(['firewall', 'ipv4', 'input', 'filter', 'rule', '1', 'destination', 'port', '22'])
+
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'action', 'accept'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'destination', 'port', '22'])
+
 self.cli_commit()
 nftables_search = [
@@ -766,6 +774,7 @@ def test_bridge_firewall(self):
 self.cli_set(['firewall', 'bridge', 'prerouting', 'filter', 'rule', '2', 'ethernet-type', 'arp'])
 self.cli_set(['firewall', 'bridge', 'prerouting', 'filter', 'rule', '2', 'action', 'accept'])
+ self.cli_set(['firewall', 'bridge', 'output', 'filter', 'rule', '1', 'action', 'accept'])
 self.cli_commit()
diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 6630b811da..23133d349c 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py 
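Review bot: The new fallback `fw_conf.get('default_action', 'accept')` bakes a fail-open policy into the renderer with nothing on the line saying why; the XML hunk in this same commit appears to drop the `accept` defaultValue, so this literal is now the only place the base-chain default is decided, while verify() in firewall.py falls back to `[]` for the same key. Someone later "hardening" this to `drop` would silently change every chain that has no default-action configured, so annotate the line, e.g. `# no default-action configured: base chains stay fail-open (accept), replacing the former XML defaultValue`, and ideally hoist the literal into one module-level constant that both the renderer and verify() read. nft_default_rule continues past the end of the hunk.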
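Review bot: The added rules give the ipv4 input and forward filter chains content, but nothing in the hunk checks what a chain with no `default-action` configured now renders to, which is exactly what this commit moves from the XML default into Python. Unless the `nftables_search` list that follows already covers it, add an entry per chain for the trailing fallback rule (presumably `counter accept`, since nft_default_rule starts from `['counter']`) so a regression to a missing or different default is caught here. test_ipv4_global_state continues outside the hunk.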
@@ -539,11 +539,11 @@ def verify(firewall):
 for chain in ['name','forward','input','output', 'prerouting']:
 if chain in firewall[family]:
 for priority, priority_conf in firewall[family][chain].items():
- if 'jump' in priority_conf['default_action'] and 'default_jump_target' not in priority_conf:
+ if 'jump' in priority_conf.get('default_action', []) and 'default_jump_target' not in priority_conf:
 raise ConfigError('default-action set to jump, but no default-jump-target specified')
 if 'default_jump_target' in priority_conf:
 target = priority_conf['default_jump_target']
- if 'jump' not in priority_conf['default_action']:
+ if 'jump' not in priority_conf.get('default_action', []):
 raise ConfigError('default-jump-target defined, but default-action jump needed and it is not defined')
 if priority_conf['default_jump_target'] == priority:
 raise ConfigError(f'Loop detected on default-jump-target.')
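Review bot: `'jump' in priority_conf.get('default_action', [])` mixes a str value (`'jump' in 'jump'` is a substring test) with a list fallback, which reads as a membership check on a collection that does not exist; compare the value directly and the intent is unambiguous: `if priority_conf.get('default_action') == 'jump' and 'default_jump_target' not in priority_conf:` and, for the second check, `if priority_conf.get('default_action') != 'jump':`. The `[]` fallback also differs from the `'accept'` that nft_default_rule in template.py uses for the same key in this commit; harmless here, but a single shared constant would keep the two in step. verify() starts before this hunk.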