diff --git a/SOURCES/0040-fix-Revert-ebtables-drop-support-for-broute-table.patch b/SOURCES/0040-fix-Revert-ebtables-drop-support-for-broute-table.patch
new file mode 100644
index 0000000..134e742
--- /dev/null
+++ b/SOURCES/0040-fix-Revert-ebtables-drop-support-for-broute-table.patch
@@ -0,0 +1,56 @@
+From e490ca17f5a61ef8c28ada20fec922acc300640e Mon Sep 17 00:00:00 2001
+From: Eric Garver
+Date: Fri, 20 Sep 2019 08:39:05 -0400
+Subject: [PATCH 40/41] fix: Revert "ebtables: drop support for broute table"
+
+This reverts commit 0e78dea21ffb03ea2e51df6158471b9cbd6652c9.
+
+Apparently there _are_ users of this table. Let's revert this change and
+be a little smarter about not attempting to use the table if it's not
+available (ebtables-nft). We'll still fail if the user has direct rules
+for this table, but at least the default ruleset will work.
+
+(cherry picked from commit ca34c9e051807d62371d5e980210f11859cab360)
+(cherry picked from commit b80835f5af8ad5c4c39cc8b78ec5314963926a8f)
+---
+ src/firewall-config.in | 4 ++++
+ src/firewall/core/ebtables.py | 1 +
+ 2 files changed, 5 insertions(+)
+
+diff --git a/src/firewall-config.in b/src/firewall-config.in
+index c19541b0ce82..91ce89ab72a0 100755
+--- a/src/firewall-config.in
++++ b/src/firewall-config.in
+@@ -7653,6 +7653,8 @@ class FirewallConfig(object):
+ self.directChainDialogTableCombobox.append_text("mangle")
+ self.directChainDialogTableCombobox.append_text("raw")
+ self.directChainDialogTableCombobox.append_text("security")
++ else:
++ self.directChainDialogTableCombobox.append_text("broute")
+
+ combobox_select_text(self.directChainDialogTableCombobox, old_table)
+
+@@ -7807,6 +7809,8 @@ class FirewallConfig(object):
+ self.directRuleDialogTableCombobox.append_text("mangle")
+ self.directRuleDialogTableCombobox.append_text("raw")
+ self.directRuleDialogTableCombobox.append_text("security")
++ else:
++ self.directRuleDialogTableCombobox.append_text("broute")
+
+ combobox_select_text(self.directRuleDialogTableCombobox, old_table)
+
+diff --git a/src/firewall/core/ebtables.py b/src/firewall/core/ebtables.py
+index df4c31743cd7..65688571ce31 100644
+--- a/src/firewall/core/ebtables.py
++++ b/src/firewall/core/ebtables.py
+@@ -31,6 +31,7 @@ from firewall.errors import FirewallError, INVALID_IPV
+ import string
+
+ BUILT_IN_CHAINS = {
++ "broute": [ "BROUTING" ],
+ "nat": [ "PREROUTING", "POSTROUTING", "OUTPUT" ],
+ "filter": [ "INPUT", "OUTPUT", "FORWARD" ],
+ }
+--
+2.20.1
+
diff --git a/SOURCES/0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch b/SOURCES/0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch
new file mode 100644
index 0000000..d87fe91
--- /dev/null
+++ b/SOURCES/0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch
@@ -0,0 +1,36 @@
+From 6a5d8aa720479781b122f999e4a4180c84c39be5 Mon Sep 17 00:00:00 2001
+From: Eric Garver
+Date: Fri, 20 Sep 2019 08:47:22 -0400
+Subject: [PATCH 41/41] fix: ebtables: don't use tables that aren't available
+
+(cherry picked from commit 53fa559352156ae4c33613e2e45eb5355e1e86b9)
+(cherry picked from commit 3b7dd4993f18c9090f3c307fd40919cc8b2616bc)
+---
+ src/firewall/core/ebtables.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/firewall/core/ebtables.py b/src/firewall/core/ebtables.py
+index 65688571ce31..b17e43dadf20 100644
+--- a/src/firewall/core/ebtables.py
++++ b/src/firewall/core/ebtables.py
+@@ -229,6 +229,8 @@ class ebtables(object):
+ def build_flush_rules(self):
+ rules = []
+ for table in BUILT_IN_CHAINS.keys():
++ if table not in self.get_available_tables():
++ continue
+ # Flush firewall rules: -F
+ # Delete firewall chains: -X
+ # Set counter to zero: -Z
+@@ -239,6 +241,8 @@ class ebtables(object):
+ def build_set_policy_rules(self, policy):
+ rules = []
+ for table in BUILT_IN_CHAINS.keys():
++ if table not in self.get_available_tables():
++ continue
+ for chain in BUILT_IN_CHAINS[table]:
+ rules.append(["-t", table, "-P", chain, policy])
+ return rules
+--
+2.20.1
+
diff --git a/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch b/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch
deleted file mode 100644
index ee779e7..0000000
--- a/SOURCES/9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch
+++ /dev/null
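Review bot: The new `else:` branches append "broute" to the direct-chain and direct-rule table comboboxes unconditionally, while the commit message itself says the table is not available with ebtables-nft and that direct rules for it will still fail — so the GUI now offers a table the backend may reject at apply time. Gate the entry on the daemon's view of available tables if firewall-config has access to one, or at least mark it: `# broute exists only with legacy ebtables; on ebtables-nft a direct rule using it will fail`. The `if` these `else:` branches belong to and the enclosing FirewallConfig methods start outside the hunk, so the condition being inverted here (presumably "backend is not ebtables") cannot be confirmed from this diff. The ebtables.py change only puts `"broute": [ "BROUTING" ]` back into BUILT_IN_CHAINS; since build_flush_rules and build_set_policy_rules iterate that dict (visible in 0041's context lines), this patch on its own would emit `-t broute` again on ebtables-nft and depends on 0041 being applied with it — worth noting next to the patch entries in the spec.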
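Review bot: Both new guards call `self.get_available_tables()` inside the `for table in BUILT_IN_CHAINS.keys()` loop, so whatever that helper does (not visible here — if it probes ebtables it is an external process call) runs once per table rather than once per method; hoist it with `available = self.get_available_tables()` before each loop and test `if table not in available:`. Because build_flush_rules now silently skips a table the probe does not list, an incomplete or failed probe would leave that table's rules unflushed and its chain policies unreset instead of failing loudly as before — consider a debug log line when a BUILT_IN_CHAINS table is skipped so the condition is visible in the journal. The `return rules` of build_flush_rules lies outside the first hunk; build_set_policy_rules is shown in full.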
@@ -1,37 +0,0 @@
-From 9cd642933d41a983c4cbdef6aa936151e89a05ef Mon Sep 17 00:00:00 2001
-From: Eric Garver
-Date: Thu, 6 Jun 2019 12:25:08 -0400
-Subject: [PATCH] fix: rich rule destination with services
-
-Fixes: rhbz 1715977
-(cherry picked from commit d3bd517c7deb44d42129017b3c471ccdf1c32b57)
----
- src/firewall/core/fw_zone.py | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
-index 90ae1036..1f33b550 100644
---- a/src/firewall/core/fw_zone.py
-+++ b/src/firewall/core/fw_zone.py
-@@ -1582,17 +1582,18 @@ def _rule_prepare(self, enable, zone, rule, mark_id, zone_transaction):
- if type(rule.element) == Rich_Service:
- svc = self._fw.service.get_service(rule.element.name)
-
-- destinations = [rule.destination] if rule.destination else [None]
--
- destinations = []
- if len(svc.destination) > 0:
- if rule.destination:
- # we can not use two destinations at the same time
- raise FirewallError(errors.INVALID_RULE,
- "Destination conflict with service.")
-- destinations = []
- for ipv in ipvs:
- if ipv in svc.destination and backend.is_ipv_supported(ipv):
- destinations.append(svc.destination[ipv])
-+ else:
-+ # dummy for the following for loop
-+ destinations.append(None)
-
- for destination in destinations:
- if enable:
diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec
index 4a35b37..e50f56e 100644
--- a/SPECS/firewalld.spec
+++ b/SPECS/firewalld.spec
@@ -8,7 +8,7 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.6.3
-Release: 2%{?dist}.1.0.1
+Release: 2%{?dist}.2
 URL: http://www.firewalld.org
 License: GPLv2+
 Source0: https://github.com/firewalld/firewalld/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -51,8 +51,8 @@ Patch36: 0036-fix-tests-functions-ignore-warnings-about-missing-ip.patch
 Patch37: 0037-fix-tests-guard-occurrences-of-IPv6.patch
 Patch38: 0038-fix-tests-update-package.m4-if-makefile-changed.patch
 Patch39: 0039-fix-tests-functions-define-HOST_SUPPORTS_IP6TABLES-v.patch
-
-Patch9999: 9999-9cd642933d41a983c4cbdef6aa936151e89a05ef.patch
+Patch40: 0040-fix-Revert-ebtables-drop-support-for-broute-table.patch
+Patch41: 0041-fix-ebtables-don-t-use-tables-that-aren-t-available.patch
 
 BuildArch: noarch
 BuildRequires: desktop-file-utils
@@ -353,8 +353,8 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
-* Sat Sep 21 2019 Pablo Greco - 0.6.3-2.el7_7.1.0.1
-- Fix for https://bugs.centos.org/view.php?id=16425
+* Mon Sep 30 2019 Eric Garver - 0.6.3-2.el7_7.2
+- fix: Revert "ebtables: drop support for broute table"
 
 * Wed Aug 21 2019 Eric Garver - 0.6.3-2.el7_7.1
 - backport fix to allow disabling IPv6
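Review bot: Dropping `Patch9999` removes the fix for rhbz 1715977 (rich rule destination with services, upstream d3bd517c) from the build, and nothing in the visible patch list (Patch36–Patch41) or the new changelog entry accounts for it — the entry only mentions the broute revert. If the intent is to realign with the RHEL 0.6.3-2.el7_7.2 sources, say so explicitly, e.g. `- drop CentOS-only patch for bugs.centos.org #16425 (rhbz 1715977)`; otherwise keep the fix as `Patch42:` so the rich-rule regression does not come back. This diff does not show `%prep`; if patches are applied with explicit `%patchN` lines rather than `%autosetup`, matching `%patch40 -p1` / `%patch41 -p1` entries are also needed, and 0040 should not be applied without 0041 since the former alone re-enables `-t broute` in the default ruleset.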