Changing green interface using CLI?

Support
,
7 
[root@neth-backup ~]# systemctl status shorewall -l
● shorewall.service - Shorewall IPv4 firewall
   Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: disabled)
  Drop-In: /usr/lib/systemd/system/shorewall.service.d
           └─nethserver-firewall-base.conf
   Active: failed (Result: exit-code) since Sat 2018-11-03 19:44:12 EDT; 21h ago
 Main PID: 4623 (code=exited, status=25)

Nov 03 19:44:12 neth-backup.familybrown.org shorewall[4623]: Processing /etc/shorewall/shorewall.conf...
Nov 03 19:44:12 neth-backup.familybrown.org shorewall[4623]: Loading Modules...
Nov 03 19:44:12 neth-backup.familybrown.org shorewall[4623]: Compiling /etc/shorewall/zones...
Nov 03 19:44:12 neth-backup.familybrown.org shorewall[4623]: Compiling /etc/shorewall/interfaces...
Nov 03 19:44:12 neth-backup.familybrown.org shorewall[4623]: Compiling /etc/shorewall/hosts...
Nov 03 19:44:12 neth-backup.familybrown.org shorewall[4623]: ERROR: Unknown interface (enp2s0) /etc/shorewall/hosts (line 21)
Nov 03 19:44:12 neth-backup.familybrown.org systemd[1]: shorewall.service: main process exited, code=exited, status=25/n/a
Nov 03 19:44:12 neth-backup.familybrown.org systemd[1]: Failed to start Shorewall IPv4 firewall.
Nov 03 19:44:12 neth-backup.familybrown.org systemd[1]: Unit shorewall.service entered failed state.
Nov 03 19:44:12 neth-backup.familybrown.org systemd[1]: shorewall.service failed.

Doesn’t appear to have. shorewall status doesn’t appear changed.

I wonder if this is the problem: /etc/shorewall/hosts is referring to the old interface, not the new. OTOH, /etc/shorewall/interfaces is referring to the new interface. Making the changes manually to /etc/shorewall/hosts lets shorewall start, but of course that will be overwritten next time the template is expanded. And I’m afraid I can’t parse the Perl in the hosts template fragment to understand what it’s doing. Here’s the output of db networks show:

[root@neth-backup hosts]# db networks show
192.168.3.0=network
    Description=VPN network
    Mask=255.255.255.0
eno1=ethernet
enp0s25=ethernet
    FwInBandwidth=
    FwOutBandwidth=
    bootproto=none
    gateway=192.168.1.1
    ipaddr=192.168.1.60
    netmask=255.255.255.0
    role=green
enp2s0=ethernet
    FwInBandwidth=
    FwOutBandwidth=
    bootproto=none
ppp0=xdsl-disabled
    AuthType=auto
    FwInBandwidth=
    FwOutBandwidth=
    Password=
    name=PPPoE
    provider=xDSL provider
    role=red
    user=
[root@neth-backup hosts]#

enp0s25 is the new interface; enp2s0 is the old.