Bug #364
Updated by Christian Lohmaier about 10 years ago
when gru is rebooted, the DNAT rules to the VMs won't work until shorewall is restarted
Either shorewall needs to depend on the virtual network interfaces to exists (which then is a configuration bug, as that usually is not necessary), or some other tool is started at boot that locks down the firewall/undoes shorewall's rules.
EDIT: libvirt uses iptables when it creates virtual networking, so that's very likely the culprit.
https://bugzilla.redhat.com/show_bug.cgi?id=433484 doesn't look nice (edit every vm to use system setup bridge/virtual network interface and stuff) - so probably easiest to just add a systemd (or whatever is used) command that restarts shorewall after libvirt