diff --git a/src/conf/nwfilter_conf.c b/src/conf/nwfilter_conf.c
index ea9111deeb..fd027e3cf1 100644
--- a/src/conf/nwfilter_conf.c
+++ b/src/conf/nwfilter_conf.c
@@ -1897,7 +1897,7 @@ virNWFilterRuleParse(xmlNodePtr node)
     char *statematch;
     int found;
     int found_i = 0;
-    unsigned int priority;
+    int priority;
 
     xmlNodePtr cur;
     virNWFilterRuleDefPtr ret;
@@ -1943,8 +1943,9 @@ virNWFilterRuleParse(xmlNodePtr node)
     ret->priority = MAX_RULE_PRIORITY / 2;
 
     if (prio) {
-        if (virStrToLong_ui(prio, NULL, 10, &priority) >= 0) {
-            if (priority <= MAX_RULE_PRIORITY)
+        if (virStrToLong_i(prio, NULL, 10, &priority) >= 0) {
+            if (priority <= MAX_RULE_PRIORITY &&
+                priority >= MIN_RULE_PRIORITY)
                 ret->priority = priority;
         }
     }
diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index 55b2aad35a..23475c44cf 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -357,7 +357,7 @@ enum virNWFilterEbtablesTableType {
 };
 
 
-# define MIN_RULE_PRIORITY  0
+# define MIN_RULE_PRIORITY  -1000
 # define MAX_RULE_PRIORITY  1000
 
 # define NWFILTER_MIN_FILTER_PRIORITY -1000
@@ -389,10 +389,12 @@ enum virNWFilterRuleFlags {
 void virNWFilterPrintStateMatchFlags(virBufferPtr buf, const char *prefix,
                                      int32_t flags, bool disp_none);
 
+typedef int32_t virNWFilterRulePriority;
+
 typedef struct _virNWFilterRuleDef  virNWFilterRuleDef;
 typedef virNWFilterRuleDef *virNWFilterRuleDefPtr;
 struct _virNWFilterRuleDef {
-    unsigned int priority;
+    virNWFilterRulePriority priority;
     enum virNWFilterRuleFlags flags;
     int action; /*enum virNWFilterRuleActionType*/
     int tt; /*enum virNWFilterRuleDirectionType*/
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index d9201d3c9f..7143d5e51e 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -388,7 +388,7 @@ ebiptablesAddRuleInst(virNWFilterRuleInstPtr res,
                       const char *neededChain,
                       virNWFilterChainPriority chainPriority,
                       char chainprefix,
-                      unsigned int priority,
+                      virNWFilterRulePriority priority,
                       enum RuleType ruleType)
 {
     ebiptablesRuleInstPtr inst;
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.h b/src/nwfilter/nwfilter_ebiptables_driver.h
index 840009cb95..47ddff512d 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.h
+++ b/src/nwfilter/nwfilter_ebiptables_driver.h
@@ -38,7 +38,7 @@ struct _ebiptablesRuleInst {
     const char *neededProtocolChain;
     virNWFilterChainPriority chainPriority;
     char chainprefix;    /* I for incoming, O for outgoing */
-    unsigned int priority;
+    virNWFilterRulePriority priority;
     enum RuleType ruleType;
 };