--- a/net/netfilter/xt_cluster.c
+++ b/net/netfilter/xt_cluster.c
@@ -134,6 +134,12 @@ static int xt_cluster_mt_checkentry(const struct xt_mtchk_param *par)
 {
 struct xt_cluster_match_info *info = par->matchinfo;
 
+ if (par->family != NFPROTO_IPV4 && par->family != NFPROTO_IPV6) {
+ pr_info_ratelimited("protocol family %u not supported\n",
+ par->family);
+ return -EINVAL;
+ }
+
 if (info->total_nodes > XT_CLUSTER_NODES_MAX) {
 pr_info_ratelimited("you have exceeded the maximum number of cluster nodes (%u > %u)\n",
 info->total_nodes, XT_CLUSTER_NODES_MAX);
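Review bot: The new family check at the top of xt_cluster_mt_checkentry carries no comment explaining why only NFPROTO_IPV4 and NFPROTO_IPV6 are accepted, even though it is the only gate visible here that keeps the match from being attached through other xtables families. I would put something like `/* per-packet match code only handles IPv4/IPv6 headers; refuse other families at rule-install time */` above the `if`, assuming that is the reason; the match callback is not in this hunk, so confirm before committing the wording. It is also worth checking whether the match is registered with a wildcard family elsewhere in the file, because per-family registration would make this allowlist structural instead of a runtime check that every future entry point has to repeat. The function body continues past the end of the hunk.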