So I'm curious as to why this isn't working for you. Did the restorecon
command in fact change the label of the program to iptables_exec_t? Did
you get the same AVC message as before?

Exactly the same message - no difference!
I am willing to investigate this further to get to the bottom of it.
When I do not have my custom .pp and FC tries to start the shorewall
service it fails (sometimes it gives me the alert, sometimes it
doesn't). When I try to execute "service shorewall start" (as root) it
always fails and always gives me those alerts (as I mentioned they are
exactly the same, but I will have a closer look again). I will post
these logs again (+ what I am doing/executing) when I have the chance to
get to it - later today maybe.