# Log kernel generated iptable log messages to file
:msg,contains,"iptables: " /var/log/iptables.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated iptables log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& ~