If the firewall rule is still of use I believe that should have an IP address, and it is the cause of the problem with shorewall.
If no fixed IP available and you are using some script to get and fill the IP address from a Dynamic DNS service, check that both the script and dyndns are working.
Someone else here pointed to the risk of DNS poisoning
Fail2ban : white list a FQDN and/or a CDIR
Firewall PortForwarding Question
Additional note: the db hosts entry is a bit mangled with invalid syntax and extra properties that should not be there.