fw-rule processing seems to continue despite first match happened

Started by defaultuserfoo, October 21, 2022, 06:08:33 PM

Please take a look at these screenshots of rules and the resulting log file.  The rule allowing traffic to port 5061 is definitely set to "Apply the action immediately on match.".

Why is it being logged that the traffic was blocked by the rule at the bottom of the list of rules?  Is this a bug or did I configure something wrong?

(I'm guessing that traffic is only sometimes being logged as passed because there's a state established.)

So far, it seems that the traffic is not being blocked because the SIP client does work.

screenshot 2

PS:

I have split the rule which protects the LAN into two rules, one for IPv4 and one for IPv6.  It still says in the log file that traffic was blocked (for IPv4).

Something must be wrong.

Ok, I edited the rule allowing the traffic to port 5061 in that I changed the State Type to "none".  Now every time the traffic is passed and doesn't get blocked anymore.

It seems like once a connection is established on a source port on the phone to port 5061 on the server, a state is being kept track of without considering the source port.  It might explain why the rule that has allowed the connection in the first place doesn't apply to subsequent traffic, and consequently, the later rule that blocks the traffic matches and blocks the traffic.

Is there some setting (which may have changed after upgrading from 22.1 to 22.7) that I need to make to get the source port considered?  Or is there a bug somewhere?