As an addendum, as I noted in
http://daemonforums.org/showthread.php?t=2953#post21893 in the midst of your rules you have an unexplained "
block return" which will match all packets, inbound or outbound, without logging. If no following rules match, this rule will be applied.