Subject: Re: ip filter and logging
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Andrew Brown <atatat@atatdot.net>
List: tech-net
Date: 04/12/2000 20:11:11
>> hmm...so i actually need a "pass quick" line with each "count quick"
>> line?  and is there some reason that "count log" seems not to work?
>> or is that simply not done?
>
>depending on what you want to achieve here.

so it would seem.   :)

>"count log" does not do what you think it does because it doesn't seem
>logical, to me, to be logging packet information based on accounting.

it seems logical to me.  :P

what i'm looking for is a way of counting bytes that each service uses
(by using count lines for everything i can think of) and then throwing
a few lines of the form:

   count out log  quick proto tcp  from any to any

at the bottom to give me byte counts on things i've not thought of
yet.  what i wanted to do was log the lines at the bottom so that i
could (at my leisure) count them above in more specific lines, with my
goal being that of defining all the traffic passing in and out of my
box.

so...i guess i need a complete set of count and pass lines?  with the
log option taken off the count lines (or left in since it's
ineffective)?

(i was also momentarily confused by some of the things i was seeing in
the log until it occurred to me that things can appear on lo0 in a
"backwards" state, i.e., a packet with my address and port as the
destination can be outbound whereas on the ethernet interface it would
only be inbound.  caveat emptor, and read the bpf code.)  :)

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
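An added example (not the original poster's ruleset, nor anything from the ipf distribution) of the layout the thread arrives at: specific count lines with quick, so each packet's bytes are credited to one accounting line only, catch-all count lines at the bottom for traffic not yet classified, and a separate set of pass rules that carry the log option. Ports 22, 25 and 53 are assumed stand-ins for "each service". It assumes, as the thread concludes, that log is honoured on pass/block rules but not on count rules, and that ipfstat -a reports the per-rule byte counts.

```conf
# Added illustration of a count/pass split for ipf; not the poster's
# real /etc/ipf.conf.  Ports 22, 25 and 53 are assumed example services.

# --- accounting ---
# "count" only adds the packet to the accounting statistics; it does not
# decide whether the packet is allowed through.  "quick" stops the packet
# from also matching the catch-all count lines below, so its bytes are
# credited to exactly one line.
count in  quick proto tcp from any to any port = 22
count out quick proto tcp from any to any port = 22
count in  quick proto tcp from any to any port = 25
count out quick proto tcp from any to any port = 25
count in  quick proto udp from any to any port = 53
count out quick proto udp from any to any port = 53

# Catch-all accounting: whatever reaches here has not been given a
# specific line yet.  Growth in these counters is the hint to add one.
count in  quick proto tcp  from any to any
count out quick proto tcp  from any to any
count in  quick proto udp  from any to any
count out quick proto udp  from any to any
count in  quick proto icmp from any to any
count out quick proto icmp from any to any

# --- filtering and logging ---
# "log" takes effect on pass/block rules, not on count rules, so the
# logging of not-yet-classified traffic lives here rather than on the
# count lines.  Known services pass without logging; everything else
# passes and is logged so it can be inspected later.
pass in  quick proto tcp from any to any port = 22
pass out quick proto tcp from any to any port = 22
pass in  quick proto tcp from any to any port = 25
pass out quick proto tcp from any to any port = 25
pass in  quick proto udp from any to any port = 53
pass out quick proto udp from any to any port = 53
pass in  log quick from any to any
pass out log quick from any to any
```

Load it with ipf -Fa -f /etc/ipf.conf and read the per-line byte totals back with ipfstat -a; the logged packets from the two final pass lines show which traffic still needs its own count entry. Note that on lo0 the in/out direction of a packet is relative to the interface, not to your address, so a locally delivered connection to your own port can show up as outbound there even though on the ethernet side it would be inbound.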