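# Route netfilter/iptables log lines, as delivered on the kernel facility,
# into per-category files under /var/log/iptables/.
#
# Each statement must stay on its own line: '#' starts a comment that runs to
# the end of the line, so a rule that follows a '#' on the same line is never
# evaluated.
#
# The substrings tested with 'contains' (' iptables ', ' iptables dropped', ...)
# presumably mirror the --log-prefix values of the LOG rules in the firewall
# ruleset -- confirm against that ruleset. A prefix that differs by a single
# character (including the leading space) silently matches nothing here.
#
# The leading '-' on each path asks rsyslog not to sync the file after every
# write. That keeps a burst of logged packets cheap, but lines written just
# before a crash or power loss may be missing from these files.
#
# Every '& ~' (discard the message matched by the rule above) is left
# commented out, so a matching message is written to every file whose filter
# it satisfies and is then still handed to any rules that follow this file.
# Enabling the discard after the all.log rule would stop the message before
# the rules below see it, leaving the more specific files empty.
#
# Dropped and rejected packets are triggered by remote hosts, so the volume
# written here is not under local control: rotate these files, and consider
# rate-limiting the LOG rules in the firewall (e.g. the iptables 'limit'
# match) so a flood cannot fill the log partition.

# Everything carrying the iptables prefix, whatever the verdict.
if ($syslogfacility-text == 'kern') and ($msg contains ' iptables ') then -/var/log/iptables/all.log
# & ~

# Packets logged with the 'dropped' prefix.
if ($syslogfacility-text == 'kern') and ($msg contains ' iptables dropped') then -/var/log/iptables/drop.log
# & ~

# Packets logged with the 'rejected' prefix.
if ($syslogfacility-text == 'kern') and ($msg contains ' iptables rejected') then -/var/log/iptables/reject.log
# & ~

# Disabled: DHCP-related iptables lines in a file of their own.
#if ($syslogfacility-text == 'kern') and ($msg contains ' iptables ' and $msg contains ' DHCP') then -/var/log/iptables/dhcp.log
# & ~

# Combined view of dropped and rejected packets; these lines duplicate what
# drop.log and reject.log already receive.
if ($syslogfacility-text == 'kern') and ($msg contains ' iptables dropped' or $msg contains ' iptables rejected') then -/var/log/iptables/block.log
# & ~

# Lines logged with the 'clutter' prefix.
if ($syslogfacility-text == 'kern') and ($msg contains ' iptables clutter') then -/var/log/iptables/clutter.log
# & ~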