Description of problem:
When there is a zone with source specified and in this zone is a service, which requires helper, firewalld creates chain for it in raw table and puts there helper's firewall rule. For example: if service samba is added to home zone, chain PRE_home_allow is created, where rule for helper netbios-ns is later added.

This however does not work, when service is added using rich rule and not using service. In this case, PRE_home_allow chain does not exist and load of the whole zone fails ( all zone rules are removed in the consequence ).

Version-Release number of selected component (if applicable):
firewalld-0.4.4.2-2.fc25.noarch

How reproducible:

Steps to Reproduce:
1.  firewall-cmd --permanent --new-zone=bugzone01
    firewall-cmd --permanent --zone=bugzone01 --add-source=10.20.30.40/32
    firewall-cmd --permanent --zone=bugzone01 --add-rich-rule='rule service name="samba" accept'
2.  systemctl restart firewalld

Actual results:
Zone bugzone01 is not applied in iptables, samba is not allowed from the source.

DEBUG2: <class 'firewall.core.ipXtables.ip4tables'>: /usr/sbin/iptables -w2 -A PRE_bugzone01_allow -t raw -p udp --dport 137 -j CT --helper netbios-ns
ERROR: Failed to apply rules. A firewall reload might solve the issue if the firewall has been modified using ip*tables or ebtables.
ERROR: '/usr/sbin/iptables -w2 -A PRE_bugzone01_allow -t raw -p udp --dport 137 -j CT --helper netbios-ns' failed:

Expected results:
Necessary chains (PRE_bugzone01_allow in this case) to be created during the zone's start, so rules can be successfully added. Zone bugzone01 is applied in iptables, samba is allowed from the source.