diff --git a/SOURCES/0042-fix-rich-rule-destination-with-services.patch b/SOURCES/0042-fix-rich-rule-destination-with-services.patch
new file mode 100644
index 0000000..e53b789
--- /dev/null
+++ b/SOURCES/0042-fix-rich-rule-destination-with-services.patch
@@ -0,0 +1,41 @@
+From 0dc5116a02ca03a3b78f5e5c653ebc783d2cdf2e Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Thu, 6 Jun 2019 12:25:08 -0400
+Subject: [PATCH 42/43] fix: rich rule destination with services
+
+Fixes: rhbz 1715977
+(cherry picked from commit d3bd517c7deb44d42129017b3c471ccdf1c32b57)
+(cherry picked from commit 9cd642933d41a983c4cbdef6aa936151e89a05ef)
+---
+ src/firewall/core/fw_zone.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
+index 31d7d6a168a8..e6eb299dec71 100644
+--- a/src/firewall/core/fw_zone.py
++++ b/src/firewall/core/fw_zone.py
+@@ -1575,17 +1575,18 @@ class FirewallZone(object):
+             if type(rule.element) == Rich_Service:
+                 svc = self._fw.service.get_service(rule.element.name)
+ 
+-                destinations = [rule.destination] if rule.destination else [None]
+-
++                destinations = []
+                 if len(svc.destination) > 0:
+                     if rule.destination:
+                         # we can not use two destinations at the same time
+                         raise FirewallError(errors.INVALID_RULE,
+                                             "Destination conflict with service.")
+-                    destinations = []
+                     for ipv in ipvs:
+                         if ipv in svc.destination and backend.is_ipv_supported(ipv):
+                             destinations.append(svc.destination[ipv])
++                else:
++                    # dummy for the following for loop
++                    destinations.append(None)
+ 
+                 for destination in destinations:
+                     if enable:
+-- 
+2.23.0
+
diff --git a/SOURCES/0043-test-coverage-for-rhbz-1715977.patch b/SOURCES/0043-test-coverage-for-rhbz-1715977.patch
new file mode 100644
index 0000000..47e150f
--- /dev/null
+++ b/SOURCES/0043-test-coverage-for-rhbz-1715977.patch
@@ -0,0 +1,44 @@
+From db60f004d65078579f67be270427265d65876f4b Mon Sep 17 00:00:00 2001
+From: Eric Garver <eric@garver.life>
+Date: Thu, 6 Jun 2019 11:51:11 -0400
+Subject: [PATCH 43/43] test: coverage for rhbz 1715977
+
+(cherry picked from commit 3fb02f8d6648906bdf089a4734c939c809f85583)
+(cherry picked from commit 819e7196c1aa79998b3b094805c51e4caf49a572)
+---
+ src/tests/regression.at             |  1 +
+ src/tests/regression/rhbz1715977.at | 13 +++++++++++++
+ 2 files changed, 14 insertions(+)
+ create mode 100644 src/tests/regression/rhbz1715977.at
+
+diff --git a/src/tests/regression.at b/src/tests/regression.at
+index 36e10eeb52d5..bbfcb65fe6e9 100644
+--- a/src/tests/regression.at
++++ b/src/tests/regression.at
+@@ -16,3 +16,4 @@ m4_include([regression/gh366.at])
+ m4_include([regression/rhbz1601610.at])
+ m4_include([regression/gh303.at])
+ m4_include([regression/gh335.at])
++m4_include([regression/rhbz1715977.at])
+diff --git a/src/tests/regression/rhbz1715977.at b/src/tests/regression/rhbz1715977.at
+new file mode 100644
+index 000000000000..0a05b14f9e3e
+--- /dev/null
++++ b/src/tests/regression/rhbz1715977.at
+@@ -0,0 +1,13 @@
++FWD_START_TEST([rich rule destination with service destination])
++AT_KEYWORDS(rich service rhbz1715977)
++
++FWD_CHECK([-q --permanent --zone=internal --add-interface=foobar0])
++FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="ssh" accept'])
++FWD_RELOAD
++
++FWD_CHECK([-q --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept'], 122, [ignore], [ignore])
++FWD_CHECK([-q --permanent --zone=internal --add-rich-rule='rule family=ipv4 destination address="192.168.122.235/32" service name="mdns" accept'])
++FWD_RELOAD
++FWD_GREP_LOG([WARNING: internal: INVALID_RULE: Destination conflict with service.])
++
++FWD_END_TEST([-e '/INVALID_RULE: Destination conflict with service/d'])
+-- 
+2.23.0
+
diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec
index e50f56e..8756e09 100644
--- a/SPECS/firewalld.spec
+++ b/SPECS/firewalld.spec
@@ -8,7 +8,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.6.3
-Release: 2%{?dist}.2
+Release: 2%{?dist}.3
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -53,6 +53,8 @@ Patch38: 0038-fix-tests-update-package.m4-if-makefile-changed.patch
 Patch39: 0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch
 Patch40: 0040-fix-Revert-ebtables-drop-support-for-broute-table.patch
 Patch41: 0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch
+Patch42: 0042-fix-rich-rule-destination-with-services.patch
+Patch43: 0043-test-coverage-for-rhbz-1715977.patch
 
 BuildArch: noarch
 BuildRequires: desktop-file-utils
@@ -353,6 +355,9 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Thu Jan 16 2020 Eric Garver <egarver@redhat.com> - 0.6.3-2.el7_7.3
+- fix: rich rule destination with services
+
 * Mon Sep 30 2019 Eric Garver <egarver@redhat.com> - 0.6.3-2.el7_7.2
 - fix: Revert "ebtables: drop support for broute table"