diff --git a/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js b/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js
index a63f18aee1c6..67095021fee1 100644
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js
@@ -9,24 +9,25 @@
 'require validation';
 'require tools.prng as random';
 
+/* Only include protocol names that musl's getprotobyname() can resolve.
+ * nftables calls getprotobyname() for symbolic names; musl has a small
+ * hardcoded list (src/network/proto.c) and does not read /etc/protocols.
+ * Protocols not in this list must be entered by number in firewall rules. */
 const protocols = [
 	'ip', 0, 'IP',
-	'hopopt', 0, 'HOPOPT',
 	'icmp', 1, 'ICMP',
 	'igmp', 2, 'IGMP',
-	'ggp', 3 , 'GGP',
+	'ggp', 3, 'GGP',
 	'ipencap', 4, 'IP-ENCAP',
 	'st', 5, 'ST',
 	'tcp', 6, 'TCP',
 	'egp', 8, 'EGP',
-	'igp', 9, 'IGP',
 	'pup', 12, 'PUP',
 	'udp', 17, 'UDP',
 	'hmp', 20, 'HMP',
 	'xns-idp', 22, 'XNS-IDP',
 	'rdp', 27, 'RDP',
 	'iso-tp4', 29, 'ISO-TP4',
-	'dccp', 33, 'DCCP',
 	'xtp', 36, 'XTP',
 	'ddp', 37, 'DDP',
 	'idpr-cmtp', 38, 'IDPR-CMTP',
@@ -39,36 +40,15 @@ const protocols = [
 	'esp', 50, 'IPSEC-ESP',
 	'ah', 51, 'IPSEC-AH',
 	'skip', 57, 'SKIP',
-	'icmpv6', 58, 'IPv6-ICMP',
 	'ipv6-icmp', 58, 'IPv6-ICMP',
 	'ipv6-nonxt', 59, 'IPv6-NoNxt',
 	'ipv6-opts', 60, 'IPv6-Opts',
 	'rspf', 73, 'RSPF',
-	'rspf', 73, 'CPHB',
 	'vmtp', 81, 'VMTP',
-	'eigrp', 88, 'EIGRP',
 	'ospf', 89, 'OSPFIGP',
-	'ax.25', 93, 'AX.25',
 	'ipip', 94, 'IPIP',
-	'etherip', 97, 'ETHERIP',
 	'encap', 98, 'ENCAP',
 	'pim', 103, 'PIM',
-	'ipcomp', 108, 'IPCOMP',
-	'vrrp', 112, 'VRRP',
-	'l2tp', 115, 'L2TP',
-	'isis', 124, 'ISIS',
-	'sctp', 132, 'SCTP',
-	'fc', 133, 'FC',
-	'mh', 135, 'Mobility-Header',
-	'ipv6-mh', 135, 'Mobility-Header',
-	'mobility-header', 135, 'Mobility-Header',
-	'udplite', 136, 'UDPLite',
-	'mpls-in-ip', 137, 'MPLS-in-IP',
-	'manet', 138, 'MANET',
-	'hip', 139, 'HIP',
-	'shim6', 140, 'Shim6',
-	'wesp', 141, 'WESP',
-	'rohc', 142, 'ROHC',
 ];
 
 function lookupProto(x) {