i'm finding this sort of thing

Apr 12 14:42:45 noc ipmon[1751]: 14:42:44.772594              lo0 @0:148 p 204.17.14.25,1115 -> 204.17.14.25,666 PR tcp len 20 85 -AP 

in my packet log files, and i'm confused.  granted, i haven't been
using ipfilter for very long, but i thought i had a good idea of what
was what.  :)

i've got:

count in       quick proto tcp  from any to 204.17.14.25 port = 666
pass  in       quick proto tcp  from any to 204.17.14.25 port = 666
count out      quick proto tcp  from 204.17.14.25 port = 666 to any
pass  out      quick proto tcp  from 204.17.14.25 port = 666 to any
count in       quick            from any to 204.17.14.25
pass  in  log  quick            from any to 204.17.14.25
count out      quick            from 204.17.14.25 to any
pass  out log  quick            from 204.17.14.25 to any

since it seems (to me, at least) that "quick" and "log" don't work
with "count" lines.  am i wrong?  if so, what am i doing wrong?  i'm
not trying to block any traffic at this time, just characterize it.

thanks.

note: i'm using 1.3.3/i386, so if this is a "bug, so just upgrade",
i'd still like to know.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."