--- syslog-ng.conf	2006-12-12 19:54:52.000000000 +0100
+++ syslog-ng.conf	2006-12-12 19:55:05.000000000 +0100
@@ -1,5 +1,5 @@
 #
-# /etc/syslog-ng/syslog-ng.conf
+# /etc/syslog-ng.conf
 #
 
 options {
@@ -46,7 +46,7 @@
 filter f_syslog { program(syslog-ng); };
 filter f_cron { facility(cron); };
 filter f_daemon { facility(daemon); };
-filter f_kernel { facility(kern); };
+filter f_kernel { facility(kern) and not match("IN=.*OUT="); };
 filter f_lpr { facility(lpr); };
 filter f_mail { facility(mail); };
 filter f_news { facility(news); };
@@ -54,7 +54,7 @@
 filter f_uucp { facility(cron); };
 filter f_news { facility(news); };
 #filter f_debug { not facility(auth, authpriv, news, mail); };
-filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news) and not program(syslog-ng) and not match("IN=.*OUT="); };
+filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news, cron) and not program(syslog-ng) and not match("IN=.*OUT="); };
 filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
 filter f_emergency { level(emerg); };
 filter f_info { level(info); };
@@ -62,7 +62,7 @@
 filter f_warn { level(warn); };
 filter f_crit { level(crit); };
 filter f_err { level(err); };
-filter f_iptables { match("IN="); };
+filter f_iptables { match("IN=.*OUT="); };
 
 log { source(src); filter(f_authpriv); destination(authlog); };
 log { source(src); filter(f_syslog); destination(syslog); };