>since it seems (to me, at least) that "quick" and "log" don't work
>with "count" lines.  am i wrong?  if so, what am i doing wrong?  i'm
>not trying to block any traffic at this time, just characterize it.

to clarify: it seems to me that "count log" doesn't log anything (but
it does count it) and that "count quick" doesn't actually terminate
ruleset processing (a subsequent "pass" will also see it) but it does
prevent it from being counted again.

it seems to me that i want all the semantics of "pass" (ie, "quick"
short circuits and optional "log") but also the byte counts.  is there
an easier way to do what i'm trying to do?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."