I'm sure there is probably an existing canonical set of rules to allow syslog-ng traffic through iptables but I can't find it. I'm sorry, since I know this is probably a common question. I've been trying to get it to work but I seem to be missing something. This is what I have:

    iptables -A INPUT -i em3 -p udp --dport 514 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o em3 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -i em1 -p tcp --dport 514 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i em1 -p tcp --dport 10514 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o em1 -p tcp --sport 514 -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o em1 -p tcp --sport 10514 -m state --state ESTABLISHED -j ACCEPT

We receive logs on udp 514 and tcp 10514 and we forward all of these logs to another remote server on the same ports. I've not seen any evidence of it but I've been told that we may also receive logs on tcp 514.

I appreciate any assistance. We usually rely on hardware firewalls but new security guidelines are also requiring software firewalls be configured.

Thanks,
-Mark
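
The post describes two directions of traffic: receiving logs on local listeners and forwarding them to a remote server, where this host is the client and its source port is ephemeral. The script below is an added example, not part of the original post; it prints (without applying) rules for both directions, and the DROP default policies, the em1 egress interface and the 192.0.2.10 server address are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables rules for a syslog-ng relay, applies nothing.
# Assumptions (not from the post): INPUT and OUTPUT default policy is DROP,
# forwarded logs leave via em1, and 192.0.2.10 stands in for the remote server.

REMOTE="192.0.2.10"   # placeholder address (TEST-NET-1); use the real log server
FWD_IF="em1"          # assumed egress interface toward the remote server

# listen_rules IFACE PROTO PORT
# Accept inbound log traffic addressed to a local syslog-ng listener.
listen_rules() {
    echo "iptables -A INPUT -i $1 -p $2 --dport $3 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # Only a TCP listener sends packets back (SYN/ACK, ACKs); UDP syslog is one-way.
    if [ "$2" = "tcp" ]; then
        echo "iptables -A OUTPUT -o $1 -p tcp --sport $3 -m state --state ESTABLISHED -j ACCEPT"
    fi
}

# forward_rules IFACE PROTO PORT DEST
# Allow this host to send logs to DEST as a client. The local source port is
# ephemeral, so the outbound rule matches on --dport, not --sport.
forward_rules() {
    echo "iptables -A OUTPUT -o $1 -p $2 -d $4 --dport $3 -m state --state NEW,ESTABLISHED -j ACCEPT"
    if [ "$2" = "tcp" ]; then
        echo "iptables -A INPUT -i $1 -p tcp -s $4 --sport $3 -m state --state ESTABLISHED -j ACCEPT"
    fi
}

# relay_rules: the full set for the ports named in the post.
relay_rules() {
    listen_rules em3 udp 514
    listen_rules em1 tcp 10514
    listen_rules em1 tcp 514      # keep only if TCP 514 senders really exist
    forward_rules "$FWD_IF" udp 514 "$REMOTE"
    forward_rules "$FWD_IF" tcp 10514 "$REMOTE"
}

relay_rules
```

Review the printed rules, then pipe them to `sh` as root to apply them.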