All variants of Shorewall in HEAD have a missing dependency that is not selected in the netfilter.mk. According to the Shorewall documentation, http://www.shorewall.net/shorewall_logging.html, the minimal Shorewall installation depends on the netfilter syslog target, which is provided by iptables-mod-extra. According to the same page, Shorewall may alternatively use ULOG or NFLOG to satisfy its logging requirements. ULOG is provided by iptables-mod-ulog, but NFLOG is not currently directly selected by any default packages.

I propose the following, provided the makefiles are capable of such a function: that the Shorewall packages depend on either iptables-mod-extra or iptables-mod-ulog, with a predisposition towards iptables-mod-extra, since OpenWrt firmwares default to syslog capabilities. I could be persuaded the other way if the combination of packages required for ULOG logging resulted in a smaller disk footprint. I have not analyzed this aspect.

Stanley Pinchak