Locking yourself out is something that has to happen to everyone once i guess
FYI: I'm setting up a new box with Zimbra in a VM including Shorewall myself currently, but still working on a "perfect" iptables setup. And it's not my top priority right now, so don't ask for an example right now
I'm testing the shorewall rules 1st on a local dev box before running them on a production box in the datacenter.