From 0dc5116a02ca03a3b78f5e5c653ebc783d2cdf2e Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Thu, 6 Jun 2019 12:25:08 -0400
Subject: [PATCH 42/43] fix: rich rule destination with services

Fixes: rhbz 1715977
(cherry picked from commit d3bd517c7deb44d42129017b3c471ccdf1c32b57)
(cherry picked from commit 9cd642933d41a983c4cbdef6aa936151e89a05ef)
---
 src/firewall/core/fw_zone.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 31d7d6a168a8..e6eb299dec71 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1575,17 +1575,18 @@ class FirewallZone(object):
             if type(rule.element) == Rich_Service:
                 svc = self._fw.service.get_service(rule.element.name)
 
-                destinations = [rule.destination] if rule.destination else [None]
-
+                destinations = []
                 if len(svc.destination) > 0:
                     if rule.destination:
                         # we can not use two destinations at the same time
                         raise FirewallError(errors.INVALID_RULE,
                                             "Destination conflict with service.")
-                    destinations = []
                     for ipv in ipvs:
                         if ipv in svc.destination and backend.is_ipv_supported(ipv):
                             destinations.append(svc.destination[ipv])
+                else:
+                    # dummy for the following for loop
+                    destinations.append(None)
 
                 for destination in destinations:
                     if enable:
-- 
2.23.0