In some email I received from Andrew Brown, sie wrote:
> >> >since it seems (to me, at least) that "quick" and "log" don't work
> >> >with "count" lines.  am i wrong?  if so, what am i doing wrong?  i'm
> >> >not trying to block any traffic at this time, just characterize it.
> >> 
> >> to clarify: it seems to me that "count log" doesn't log anything (but
> >> it does count it) and that "count quick" doesn't actually terminate
> >> ruleset processing (a subsequent "pass" will also see it) but it does
> >> prevent it from being counted again.
> >
> >RTFM?  "count" is a separate action from 'block' and 'log', and "count"
> >isn't one of the "options" that can be used with any action.
> 
> i did rtfm.  several times, in fact.  and they are f.  :)
> 
> i understand that "count" is separate from "block" and "pass" (and
> "log").  "count" is not an option, but an action, whereas "log" has
> the distinction of being an action *and* an option.  i think that if
> "count" was an option, that'd be be the answer to my situation.
> 
> fwiw - i also find that with default pass and only "log" (ie, no
> "pass", "block", or "count" lines) lines in my ipf.conf, my machine
> becomes unreachable.  is perhaps the "log" action short for "block
> log"?

Not quite.  But if you do:

log in blah

then it's not a "pass" so how can it be pass'd ?  I do recall there being
a bug related to that which got fixed in 3.3.

Darren