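# rsyslog filter rules (legacy "if ... then" syntax) that copy kernel-facility
# messages written by iptables LOG rules into per-purpose files under
# /var/log/netfilter/.
#
# Layout fix: the rules were collapsed onto one physical line, so everything
# after the first "#" was read as a comment and only the first rule was live.
# Each rule is restored to its own lines, and each continuation is a single
# trailing backslash, which must be the last character on its line.
#
# Matching is by substring on $msg, so these rules only fire if the iptables
# LOG rules use matching --log-prefix strings (" iptables dropped",
# " iptables rejected", " iptables clutter", ...) -- confirm against the
# ruleset.
#
# NOTE(review): facility and message text are supplied by the sender for
# anything received over a network input. If this host accepts remote syslog,
# also filter on where the message was collected (for example the $inputname
# property), so a remote sender cannot write lines into the firewall logs.
#
# NOTE(review): the leading "-" on each path asks rsyslog not to sync the file
# after every write. The most recent firewall entries can be lost on a crash
# or power failure; confirm that is acceptable for these logs.
#
# NOTE(review): every "& ~" (discard after match) is commented out, so a
# message is written by every rule it matches and then continues to any later
# rules not shown here. If discarding is re-enabled, move the catch-all rule
# to the end, otherwise it discards messages before the specific rules see
# them. Newer rsyslog releases use "stop" in place of "~".

# Catch-all: every kernel message containing " iptables ".
if ($syslogfacility-text == 'kern') and \
($msg contains ' iptables ') \
then -/var/log/netfilter/all.log
# & ~

# Packets logged with the "dropped" prefix.
if ($syslogfacility-text == 'kern') and \
($msg contains ' iptables dropped') \
then -/var/log/netfilter/drop.log
# & ~

# Packets logged with the "rejected" prefix.
if ($syslogfacility-text == 'kern') and \
($msg contains ' iptables rejected') \
then -/var/log/netfilter/reject.log
# & ~

# Any iptables log line that also mentions " DHCP", whatever the verdict.
if ($syslogfacility-text == 'kern') and \
($msg contains ' iptables ' and $msg contains ' DHCP') \
then -/var/log/netfilter/dhcp.log
# & ~
# iptables allowed DHCP
# (the line above is the original author's note; presumably an example of the
# log prefix this rule is meant to catch -- confirm)

# Dropped and rejected packets combined in one file for troubleshooting.
# NOTE(review): "troubleshooot.log" is spelled with three o's. The path is
# kept as written because log rotation or other tooling may reference it;
# rename it in all places together if it is a typo.
if ($syslogfacility-text == 'kern') and \
($msg contains ' iptables dropped' or $msg contains ' iptables rejected') \
then -/var/log/netfilter/troubleshooot.log
# & ~

# Traffic logged with the "clutter" prefix.
if ($syslogfacility-text == 'kern') and \
($msg contains ' iptables clutter') \
then -/var/log/netfilter/clutter.log
# & ~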