diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 9d8bcf6..bd02622 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1542,7 +1542,10 @@ class FirewallZone(object):
 ipvs = [ source_ipv ]
 if not ipvs:
- ipvs = [ipv for ipv in ["ipv4", "ipv6"] if self._fw.is_ipv_enabled(ipv)]
+ ipvs = ["ipv4", "ipv6"]
+
+ # clamp ipvs to those that are actually enabled.
+ ipvs = [ipv for ipv in ipvs if self._fw.is_ipv_enabled(ipv)]
 # add an element to object to allow backends to know what ipvs this applies to
 rule.ipvs = ipvs
diff --git a/src/tests/regression/rhbz1855140.at b/src/tests/regression/rhbz1855140.at
index cea943e..8059e29 100644
--- a/src/tests/regression/rhbz1855140.at
+++ b/src/tests/regression/rhbz1855140.at
@@ -2,9 +2,7 @@ FWD_START_TEST([rich rule icmptypes with one family])
 AT_KEYWORDS(rich icmp rhbz1855140)
 FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="echo-request" accept'], 0, ignore)
-IF_HOST_SUPPORTS_IPV6_RULES([
 FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="neighbour-advertisement" accept'], 0, ignore)
-])
 FWD_CHECK([--permanent --zone public --add-rich-rule='rule icmp-type name="timestamp-request" accept'], 0, ignore)
 FWD_RELOAD
 NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
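Review bot: After the new clamp in the fw_zone.py hunk, `ipvs` can end up empty, for example when the context line `ipvs = [ source_ipv ]` selected a family that `is_ipv_enabled()` reports as disabled, and `rule.ipvs = ipvs` then stores `[]` with no log line or error. For an accept rule that is harmless, but for a drop or reject rule the administrator gets a success return while nothing is installed for that family, so the no-op should be visible. I would log when the clamp removes a requested family, or at least document the intent, e.g. `# ipvs may now be empty (family disabled on this host); the rule is then deliberately a no-op`. The enclosing method starts and ends outside the hunk, so how the code after `rule.ipvs` treats an empty list should be confirmed there.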