diff --git a/modules-mls.conf b/modules-mls.conf
index cb3d132..39f3cb8 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1867,3 +1867,11 @@ ricci = module
 # RHCS - Red Hat Cluster Suite
 #
 rhcs = module
+
+# Layer: admin
+# Module: shorewall
+#
+# Policy for shorewall
+#
+shorewall = base
+
diff --git a/policy-F12.patch b/policy-F12.patch
index 23c4c8b..34e770d 100644
--- a/policy-F12.patch
+++ b/policy-F12.patch
@@ -20850,7 +20850,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.32/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/setroubleshoot.te 2009-10-08 12:25:22.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/setroubleshoot.te 2009-10-27 17:49:35.000000000 -0400
 @@ -22,13 +22,19 @@
 type setroubleshoot_var_run_t;
 files_pid_file(setroubleshoot_var_run_t)
@@ -20962,7 +20962,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +corecmd_exec_bin(setroubleshoot_fixit_t)
 +corecmd_exec_shell(setroubleshoot_fixit_t)
 +
-+seutil_domtrans_restorecon(setroubleshoot_fixit_t)
++seutil_domtrans_setfiles(setroubleshoot_fixit_t)
 +seutil_domtrans_setsebool(setroubleshoot_fixit_t)
 +
 +files_read_usr_files(setroubleshoot_fixit_t)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 1d539fc..25d0725 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -447,6 +447,7 @@ exit 0
 %changelog
 * Tue Oct 27 2009 Dan Walsh 3.6.32-35
 - Allow bittlebee to connect to privoxy port
+- Allow iptables to work with shorewall
 * Fri Oct 23 2009 Dan Walsh 3.6.32-34
 - Turn allow_postfix_local_write_mail_spool on by default
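Review bot: The new entry `shorewall = base` in modules-mls.conf builds the module into the base policy, while the entries visible just above it in this hunk (`ricci`, `rhcs`) are `module`, and the header comment `# Policy for shorewall` gives no reason for the difference. If base is intended, the comment should say so, for example `# Built into base; cannot be removed separately with semodule`. Only the MLS module list is changed on this page, so it is worth confirming that the other policy-type module lists already carry, or do not need, the same entry.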
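Review bot: The second policy-F12.patch hunk swaps `seutil_domtrans_restorecon(setroubleshoot_fixit_t)` for `seutil_domtrans_setfiles(setroubleshoot_fixit_t)` without any stated rationale, and the %changelog hunk in this commit adds only the shorewall line, so the change to the setroubleshoot fix-it domain is not recorded anywhere. The same block also grants `corecmd_exec_shell` and `seutil_domtrans_setsebool`, so a transition into a file-relabeling domain deserves a why-comment for least-privilege review. Something like `# fixit relabels mislabeled files; restorecon runs in setfiles_t` would do, if that is indeed the reason, together with a matching changelog entry. The setroubleshoot_fixit_t rule block starts and ends outside this hunk, so the full set of permissions for the domain should be read together before accepting the change.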