The daily logwatch run ignores the iptables lines from /var/log/messages. The "kernel" service of logwatch would find them, if the lines had the string " kernel: " after the time and host of them, as my Red Hat 9 2.4.20 log has.
This is an issue with your system logger, which one are you using? The kernel does not prefix it's own messages with "kernel: " -- this is handled by whatever logger reads kmsg and puts it in /var/log/messages. So this is either a bug in logwatch or a bug in your system logger.
See comment #1