I just wanted to add that I actually tried it before seeing this... In my setup it worked as long as you had all the variables in a line satisfied. For example, in my /etc/shorewall/policy file fw net ACCEPT info #accept all FW to NET traffic would work fine, but after I was through making sure everything was going ok I took out the info, like this: fw net ACCEPT #accept all FW to NET traffic and got syntax errors from iptables on shorewall restart... Just my 0.02