diff --git a/NEWS b/NEWS
index c868bb239b77a469c1fda15de59e0a23835ed811..1a0c38d7c0711b44af58e90d131e45b6e3414c2e 100644
--- a/NEWS
+++ b/NEWS
@@ -2,6 +2,9 @@ release/005.008 (unreleased)
 
     [ssh] Add $max_sessions options. [adamhl]
 
+    [iptables] Ensure that port numbers are converted to strings inside
+    the rules erb file to avoid Ruby errors. [adamhl]
+
 release/005.007 (2017-06-22)
 
     [kerberos] Add option to completely override /etc/krb5.conf using
diff --git a/templates/iptables/rule.erb b/templates/iptables/rule.erb
index a7d69f1f47ecfa3958b7486d44654f74834ba532..1764533c8970f2a19824dc7d093af518bdd2f6da 100644
--- a/templates/iptables/rule.erb
+++ b/templates/iptables/rule.erb
@@ -1,7 +1,7 @@
 <%# Generic iptables rule template used by iptables::rule. -%>
 # <%= @name %><% if @description != '' then %> -- <%= @description %><% end %>
 <% [@port].flatten.each do |pt|              -%>
-<%   p = (pt != '') ? '--dport ' + pt : ''   -%>
+<%   p = (pt.to_s() != '') ? '--dport ' + pt.to_s() : ''   -%>
 <%   [@source].flatten.each do |src|         -%>
 <%     [@protocol].flatten.each do |pr|      -%>
 <%       syn = (pr == 'tcp') ? ' --syn' : '' -%>