wishlist: allow adding counters to rules

[antifuchs]

I'd love to set up a counters on some rules that I need some insight into (how many DNS requests from egress-permitted subnets made to this machine, etc); I think it would be possible to formulate a "mirror world" set of rules that define counters for the conditions given in the original rules, but honestly I'd much prefer if every accept or deny rule could be configured to come with a counter attached (: