Debian Security Advisory DSA 849-1 - Supernaut noticed that shorewall, the Shoreline Firewall, could generate an iptables configuration which is significantly more permissive than the rule set given in the shorewall configuration, if MAC verification are used in a non-default manner.
bf2c2f0c78b7eb0bfed1de6754eba45504ef7b8ada97d9b04f53aba1cb0ec2e3
Gentoo Linux Security Advisory GLSA 200507-20 - Shorewall fails to enforce security policies if configured with MACLIST_DISPOSITION set to ACCEPT or MACLIST_TTL set to a value greater or equal to 0. Versions less than 2.4.1 are affected.
5930fb17d6edac40cce43bc49a52e399682c0e8bba9558adba8ecfbfa03e7e8b