diff --git a/syslog.conf b/syslog.conf
index 2513a38..a451cfb 100644
--- a/syslog.conf
+++ b/syslog.conf
@@ -66,6 +66,14 @@ mail.err			 /var/log/mail.err
 #
 #*.alert				root,joey
 
+#
+# Secure mode, same as -s, none(0), on(1), full(2).  When enabled
+# only logging to remote syslog server possible, with full secure
+# mode, not even that is possible.  We default to prevent syslogd
+# from opening UDP/514 and receving messages from other systems.
+#
+secure_mode 1
+
 #
 # Include all config files in /etc/syslog.d/
 #