diff --git a/src/conf/nwfilter_conf.h b/src/conf/nwfilter_conf.h
index eeec10e67b600be2e52090471d3e98c7e1c29d13..f960bf3d56f1afd45bd60179aa9898b76099b813 100644
--- a/src/conf/nwfilter_conf.h
+++ b/src/conf/nwfilter_conf.h
@@ -86,7 +86,7 @@ typedef enum {
   (((data)->flags) & NWFILTER_ENTRY_ITEM_FLAG_IS_NEG)
 
 /* datatypes appearing in rule attributes */
-enum attrDatatype {
+typedef enum attrDatatype {
     DATATYPE_UINT16           = (1 << 0),
     DATATYPE_UINT8            = (1 << 1),
     DATATYPE_UINT16_HEX       = (1 << 2),
@@ -106,7 +106,7 @@ enum attrDatatype {
     DATATYPE_IPSETFLAGS       = (1 << 16),
 
     DATATYPE_LAST             = (1 << 17),
-};
+} virNWFilterAttrDataType;
 
 # define NWFILTER_MAC_BGA "01:80:c2:00:00:00"
 
diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c
index b8682a11305a309d69eb1fdb0dfa2ddeb72bd0c7..b19b07c84548cf22efcf389660be7bc158538274 100644
--- a/src/nwfilter/nwfilter_ebiptables_driver.c
+++ b/src/nwfilter/nwfilter_ebiptables_driver.c
@@ -320,11 +320,16 @@ _printDataType(virNWFilterVarCombIterPtr vars,
         VIR_FREE(flags);
     break;
 
-    default:
+    case DATATYPE_STRING:
+    case DATATYPE_STRINGCOPY:
+    case DATATYPE_BOOLEAN:
         virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("Unhandled datatype %x"), item->datatype);
+                       _("Cannot print data type %x"), item->datatype);
+        return -1;
+    case DATATYPE_LAST:
+    default:
+        virReportEnumRangeError(virNWFilterAttrDataType, item->datatype);
         return -1;
-    break;
     }
 
     return 0;
@@ -1183,7 +1188,7 @@ _iptablesCreateRuleInstance(virFirewallPtr fw,
 
     PRINT_IPT_ROOT_CHAIN(chain, chainPrefix, ifname);
 
-    switch (rule->prtclType) {
+    switch ((int)rule->prtclType) {
     case VIR_NWFILTER_RULE_PROTOCOL_TCP:
     case VIR_NWFILTER_RULE_PROTOCOL_TCPoIPV6:
         fwrule = virFirewallAddRule(fw, layer,
@@ -1873,7 +1878,7 @@ ebtablesCreateRuleInstance(virFirewallPtr fw,
 #define INST_ITEM_MASK(S, I, MASK, C) \
     INST_ITEM_2PARMS(S, I, MASK, C, "/")
 
-    switch (rule->prtclType) {
+    switch ((int)rule->prtclType) {
     case VIR_NWFILTER_RULE_PROTOCOL_MAC:
         fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
                                     "-t", "nat",
@@ -2677,7 +2682,7 @@ ebtablesCreateTmpSubChainFW(virFirewallPtr fw,
     fwrule = virFirewallAddRule(fw, VIR_FIREWALL_LAYER_ETHERNET,
                                 "-t", "nat", "-A", rootchain, NULL);
 
-    switch (protoidx) {
+    switch ((int)protoidx) {
     case L2_PROTO_MAC_IDX:
         break;
     case L2_PROTO_STP_IDX:
diff --git a/src/nwfilter/nwfilter_learnipaddr.c b/src/nwfilter/nwfilter_learnipaddr.c
index 5b95f0e613af33e1e7bbb4b179044c27aac27142..9ca0639576513231c2843cf924db4e99688f9f47 100644
--- a/src/nwfilter/nwfilter_learnipaddr.c
+++ b/src/nwfilter/nwfilter_learnipaddr.c
@@ -430,7 +430,7 @@ learnIPAddressThread(void *arg)
         }
         virBufferAddLit(&buf, "src port 67 and dst port 68");
         break;
-    default:
+    case DETECT_STATIC:
         if (techdriver->applyBasicRules(req->ifname,
                                         &req->macaddr) < 0) {
             req->status = EINVAL;
@@ -438,6 +438,10 @@ learnIPAddressThread(void *arg)
         }
         virBufferAsprintf(&buf, "ether host %s or ether dst ff:ff:ff:ff:ff:ff",
                           macaddr);
+        break;
+    default:
+        req->status = EINVAL;
+        goto done;
     }
 
     if (virBufferError(&buf)) {