When using the command line some (or most) validation checks are not present.
I think the syntax used on the CLI was wrong and that caused the other errors on the cockpit UI (until the wrong service syntax is deleted), but I could we wrong:
ERROR: Invalid/Unknown udp port/service (20000…20050) /etc/shorewall/rules (line 138)
I’ve tried the same command (but without having any real service linked to the ports).