Firewall logged entry puzzling

thanks.
I have, in place, a rule I called Syslog. I just checked it, UDP 514 is allowed. This doesn't seem to work though ... vis-a-vis the Mac's Firewall rules.

I saw 'Remote logIN' but not "Remote Logging" for choices in preferences|services ... and the former is the SSH, different than the Syslog stuff.

Since 10....1 and 10...2 are bot 'me' , I don't understand why I can't set a Firewall rule on the mac to allow 514 ....

actually, I just did it from the GUI. Typed 'other' then a name of Syslog and added 514 to UDP .....

well ... it appears the 514 entry is down in there. Mind you, I am not sure how to handle en0 versus en1 ... but, here is the list:
01000 allow ip from any to any via lo*
01003 check-state
01005 allow ip from any to any frag
01006 allow icmp from any to any icmptypes 0,3,4,11,12,13,14
03000 allow udp from any 67-68 to any dst-port 67-68 via en0
03001 allow udp from any to 255.255.255.255 dst-port 67-68 via en0
03002 reject log logamount 65535 ip from any to any ipoptions ssrr,lsrr via en0
03003 allow udp from any 123 to any dst-port 1024-65535,123 via en0
03004 allow udp from any 5353 to any dst-port 5353 via en0
03005 allow icmp from any to any via en0
03006 allow tcp from any 20-21 to any dst-port 1024-65535 in via en0
03007 allow udp from any to any dst-port 53 out via en0 keep-state
05000 allow udp from any 67-68 to any dst-port 67-68 via en1
05001 allow udp from any to 255.255.255.255 dst-port 67-68 via en1
05002 reject log logamount 65535 ip from any to any ipoptions ssrr,lsrr via en1
05003 allow udp from any 123 to any dst-port 1024-65535,123 via en1
05004 allow udp from any 5353 to any dst-port 5353 via en1
05005 allow icmp from any to any via en1
05006 allow tcp from any 20-21 to any dst-port 1024-65535 in via en1
05007 allow udp from any to any dst-port 53 out via en1 keep-state
05008 allow udp from any 514 to any dst-port 514 out via en1 keep-state
53008 allow ip from any to any out via en0 keep-state
53009 deny log logamount 65535 ip from any to any in via en0
55009 allow ip from any to any out via en1 keep-state
55010 deny log logamount 65535 ip from any to any in via en1
65535 allow ip from any to any


Macbook Pro Mac OS X (10.4.8)

The DSL Modem (Speedstream 4200) is ethernet to Airport Extreme. MacBook is Airport to that.

thanks for the clarification.
I wonder then, do I need to try and make a filter rule, allowing syslog, for both en0 and en1?

I turned 'Stealth' off for a few hours. However, I see this in the log now:

Oct 22 12:00:23 RD ipfw: 35000 Deny UDP 10.0.1.1:514 10.0.1.2:514 in via en1

The Speedstream DSL modem connects to the Airport Extreme via Ethernet. That modem has an active firewall running. I am not sure about any FW on the Airport Extreme wireless router.

OK.
So somewhere in the rules, there appears to still be
a reason that you set to block 514 (deny).

Well, you led me to take a look at ordering of the filter lines. I'd D/L'd "Flying Buttress" FW as indirectly mentioned within a previous posters reply, upthread
http://order.kagi.com/?5MG

This showed me the 'Deny' on several items and I could see 514 got blocked near the top of the listed filters... I read that the first match and the rule-search stopped ... so that ansered my query ...

And we don't really know why you'd run Stealth.....

Indeed. And I had to laugh at that reply ... shame on me ... but I believe it started when I tried Shields Up (GRC) and got all Stealth except replying to their Ping. Couldn't understand it since I hadn't seen log entries in the DSL Modem's log nor attempts inbound to me in the ipfw.log.

So I set myself to Stealth to see if that was the problem.

New to the Mac ... a convert recently from the ugliness of the Windows system ... not an excuse, just an explanation of why I am swimming around trying to get some way on.