diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 129306b..6eaed42 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1719,6 +1719,8 @@ class FirewallZone(object):
             if enable:
                 transaction.add_chain(zone, table, "INPUT")
                 transaction.add_chain(zone, table, "FORWARD_IN")
+            if enable and type(rule.action) == Rich_Mark:
+                transaction.add_chain(zone, "mangle", "PREROUTING")
 
             rules = backend.build_zone_icmp_block_rules(enable, zone, ict, rule)
             transaction.add_rules(backend, rules)
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index 0198200..76668a6 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -1043,8 +1043,13 @@ class nftables(object):
                                                   zone=zone)
             table = "mangle"
             chain = "%s_%s_%s" % (table, target, chain_suffix)
-            rule_action = {"mangle": {"key": {"meta": {"key": "mark"}},
-                                      "value": rich_rule.action.set}}
+            value = rich_rule.action.set.split("/")
+            if len(value) > 1:
+                rule_action = {"mangle": {"key": {"meta": {"key": "mark"}},
+                                          "value": {"^": [{"&": [{"meta": {"key": "mark"}}, value[1]]}, value[0]]}}}
+            else:
+                rule_action = {"mangle": {"key": {"meta": {"key": "mark"}},
+                                          "value": value[0]}}
             else:
                 raise FirewallError(INVALID_RULE,
                                     "Unknown action %s" % type(rich_rule.action))
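Review bot: The added guard `type(rule.action) == Rich_Mark` should use the idiomatic `isinstance(rule.action, Rich_Mark)`, and since it repeats the `enable` test of the `if enable:` block directly above it, it reads better nested inside that block as `if isinstance(rule.action, Rich_Mark): transaction.add_chain(zone, "mangle", "PREROUTING")`. The hunk does not show whether `Rich_Mark` is already imported into fw_zone.py; if it is not, this line raises NameError the first time an ICMP-block rich rule with a mark action is applied, so that import is worth confirming. The enclosing method starts and ends outside the hunk.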
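Review bot: In the new `len(value) > 1` branch the mask is applied uninverted, so the expression generated is `(mark & mask) ^ value`, which keeps only the bits inside the mask and clears every other bit of the existing mark; if `set=value/mask` is meant to behave like the iptables backend's `--set-xmark value/mask` (zero the bits named by the mask, then XOR in the value), the mask has to be complemented first, e.g. `mask = "0x%x" % (~int(value[1], 0) & 0xffffffff)` used as `{"&": [{"meta": {"key": "mark"}}, mask]}` — please confirm the intended semantics against the iptables backend before changing it, because a wrongly scoped mark can silently alter which policy-routing or classification rules a packet hits. A second, smaller point: `split("/")` accepts a trailing slash such as `"0x1/"` and then passes an empty mask string straight into the nft JSON, unless the rich-rule validation already rejects that form (not visible here). The two `rule_action` literals differ only in the value expression; computing the mark expression first and building the dict once would avoid the duplicated structure. The enclosing function starts and ends outside the hunk.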