diff --git a/templates/nftables.conf.j2 b/templates/nftables.conf.j2
index 50a597a..4d4ea25 100644
--- a/templates/nftables.conf.j2
+++ b/templates/nftables.conf.j2
@@ -16,13 +16,17 @@ table inet filter {
 # accept neighbour discovery otherwise IPv6 connectivity breaks.
 ip6 nexthdr icmpv6 icmpv6 type {nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert} accept
+{% if nftables_rules | length > 0 %}
 # include specific rules
 include "/srv/nftables/rules.conf"
+{% endif %}
 # count and drop any other traffic
 counter drop
 }
 }
+{% if nftables_tables | length > 0 %}
 # include more tables
 include "/srv/nftables/tables.conf"
+{% endif %}
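Review bot: The two new guards, `{% if nftables_rules | length > 0 %}` and `{% if nftables_tables | length > 0 %}`, assume both variables are always defined and that the tasks writing `/srv/nftables/rules.conf` and `/srv/nftables/tables.conf` are gated on the same condition; neither the role defaults nor those tasks are visible in this hunk. If a variable is unset the template will most likely fail to render, and if a file is written under a different condition than its `include` is emitted, nft will reject the file on the missing include and the intended ruleset will not be loaded. Unless the role defaults already guarantee lists, I would write `{% if nftables_rules | default([]) | length > 0 %}` (and the same for `nftables_tables`) and add a template comment such as `{# keep in sync with the task that writes rules.conf #}`. It is also worth documenting that with an empty `nftables_rules` the chain, as far as this hunk shows, falls from the neighbour-discovery accept straight to `counter drop`, so any management-access accept has to come from the part of the chain above line 16.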