Subject: Re: ip filter and logging
To: None <atatat@atatdot.net>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: tech-net
Date: 04/13/2000 09:53:16
In some email I received from Andrew Brown, sie wrote:
> >since it seems (to me, at least) that "quick" and "log" don't work
> >with "count" lines. am i wrong? if so, what am i doing wrong? i'm
> >not trying to block any traffic at this time, just characterize it.
>
> to clarify: it seems to me that "count log" doesn't log anything (but
> it does count it) and that "count quick" doesn't actually terminate
> ruleset processing (a subsequent "pass" will also see it) but it does
> prevent it from being counted again.
>
> it seems to me that i want all the semantics of "pass" (ie, "quick"
> short circuits and optional "log") but also the byte counts. is there
> an easier way to do what i'm trying to do?

Accounting rules are processed separately from access control rules.
If you had:

    count in blah
    block in blah
    count in foo
    pass in bar

the actual order of application is:

    count in blah
    count in foo
    block in blah
    pass in bar

Darren
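
Added example, not part of the message above and not IPFilter source code: a simplified Python model of the two separately processed lists, applied to a constructed ruleset. Matching on a destination port, the default verdict of "pass", and "quick" ending only the list it appears in are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    action: str          # "count", "pass" or "block"
    port: int            # constructed match criterion (destination port)
    quick: bool = False
    hits: int = 0
    nbytes: int = 0

def split(ruleset):
    """Separate a ruleset written in file order into the two lists."""
    acct = [r for r in ruleset if r.action == "count"]
    acl = [r for r in ruleset if r.action != "count"]
    return acct, acl

def evaluate(ruleset, port, length):
    """Return (verdict, trace) for one inbound packet of `length` bytes."""
    acct, acl = split(ruleset)
    trace = []
    for r in acct:                       # accounting list is walked first
        if r.port == port:
            r.hits += 1
            r.nbytes += length
            trace.append(f"count port {r.port}")
            if r.quick:                  # ends the accounting list only
                break
    verdict = "pass"                     # assumed default when nothing matches
    for r in acl:                        # access control list is walked second
        if r.port == port:
            verdict = r.action           # last match wins unless "quick"
            trace.append(f"{r.action} port {r.port}")
            if r.quick:
                break
    return verdict, trace

def demo_ruleset():
    """Constructed ruleset in file order, interleaved like the one above."""
    return [
        Rule("count", 23, quick=True),
        Rule("block", 23),
        Rule("count", 23),               # never reached: earlier count is quick
        Rule("pass", 80),
        Rule("count", 80),               # written last, still applied first
    ]

if __name__ == "__main__":
    rules = demo_ruleset()
    for port, length in ((23, 1500), (80, 40)):
        print(port, evaluate(rules, port, length))
```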