Hi, You can find a working example at https://build.opensuse.org/projects/home:czanik:syslog-ng-githead/packages/s... Look for how f_iptables is defined and used. This is the default syslog-ng configuration from openSUSE. Peter Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream https://syslog-ng.com/community/ https://twitter.com/PCzanik ________________________________ From: A <dima@anche.no> Sent: Sunday, December 28, 2025 07:05 To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu> Subject: [syslog-ng]iptables.log CAUTION: This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe. How to exclude such lines from logging? IN=net0 OUT= SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=xx TOS=0xxx PREC=0xxx TTL=xx ID=xxxx DF PROTO=xxx SPT=xxxx DPT=137 WINDOW=xxxxx RES=0xxx XXX URGP=X -- ______________________________________________________________________________ Member info: %(web_page_url)slistinfo/%(_internal_name)s Documentation: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=05%7C02%7Cpeter.czanik%40balabit.com%7Caa00c0b1d33742f8eedb08de45d8d0cd%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C639024994695956211%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=b1qUjyqwWGwi5uGP8VN8Y2vfdRaMkPqPOKN0VIOSgYQ%3D&reserved=0<http://www.balabit.com/support/documentation/?product=syslog-ng> FAQ: https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=05%7C02%7Cpeter.czanik%40balabit.com%7Caa00c0b1d33742f8eedb08de45d8d0cd%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C639024994695980735%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C40000%7C%7C%7C&sdata=irQf%2BwYy3yLmNOu0aYvoBPjVmZ%2Fp6W7z%2Bhzb6MUfrQc%3D&reserved=0<http://www.balabit.com/wiki/syslog-ng-faq>