+filter f_shorewall { facility(kern) and match("Shorewall:" value("MESSAGE")); };
+
+# uncomment the line below if you want to run syslog server
+#log { source(s_net); destination(d_from_net); flags(final); };
+
+# log shorewall to separate log file by default
+log { source(s_src); filter(f_shorewall); destination(d_shorewall); flags(final); };