Securing the Network in Oracle® Solaris 11.3

Updated: April 2019

Packet Filter Rule Processing

PF processes the rules according to a "last match" policy, which means that the policy decision for a packet is determined by the last rule that matched the packet. Because of this policy, rules are best ordered from the most generally applicable rules first to rules with more specific match parameters later in the rule set.

For example, consider the following rule set:

block in from any to any
pass in from any to any port = 22
pass in from any to any port = 25

The first rule blocks all inbound packets. The two rules that follow each match a specific destination port number.

So, if a packet comes to port 22, PF processes it as follows:

  1. Applies the block rule.

  2. Applies the port 22 rule, which matches the packet. PF keeps the match in memory.

  3. Applies the port 25 rule, which does not match the packet.

After PF has checked the packet against all rules, it forwards the packet, because the port 22 rule was the last rule that matched.

The quick keyword is an exception. If a rule includes the quick keyword, the action for that rule is executed immediately and no further rules are applied to that packet.

block in from any to any
pass in quick from any to any port = 22
pass in from any to any port = 25

If the same packet is checked against this rule set, PF executes the pass action immediately when the second rule matches. The quick keyword stops further checking of that packet, so the third rule is never applied.
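The following is an added example, not code from Oracle or from PF itself: a small Python model of the last-match evaluation and the quick shortcut described above, run against the two rule sets on this page. It assumes a deliberately simplified rule syntax (action, direction, optional quick, optional destination port) and treats a packet that matches no rule as passed, which is PF's default.

```python
import re

# Constructed, simplified model of a pf.conf rule line: action, direction,
# optional "quick", and an optional destination port. Real PF syntax is far
# richer; this added example only illustrates last-match and quick semantics.
RULE_RE = re.compile(
    r"^(?P<action>block|pass)\s+(?P<dir>in|out)(?P<quick>\s+quick)?"
    r"\s+from\s+any\s+to\s+any(?:\s+port\s*=\s*(?P<port>\d+))?\s*$"
)

def parse_rules(text):
    """Parse rule lines into (action, direction, quick, port_or_None) tuples."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        port = int(m["port"]) if m["port"] else None
        rules.append((m["action"], m["dir"], m["quick"] is not None, port))
    return rules

def evaluate(rules, direction, dst_port):
    """Return (verdict, 1-based index of deciding rule, rules checked).
    Every matching rule overwrites the remembered verdict (last match wins),
    except that a matching 'quick' rule decides at once and stops evaluation.
    A packet that matches no rule keeps PF's default verdict 'pass' (index 0).
    """
    verdict, decided_by, checked = "pass", 0, 0
    for idx, (action, rdir, quick, port) in enumerate(rules, start=1):
        checked = idx
        if rdir != direction or (port is not None and port != dst_port):
            continue
        verdict, decided_by = action, idx   # PF keeps this match in memory
        if quick:
            break                           # quick: no further rules applied
    return verdict, decided_by, checked

# The two rule sets discussed on the page.
LAST_MATCH = """
block in from any to any
pass in from any to any port = 22
pass in from any to any port = 25
"""
WITH_QUICK = LAST_MATCH.replace("pass in from any to any port = 22",
                                "pass in quick from any to any port = 22")

if __name__ == "__main__":
    for name, text in (("last match", LAST_MATCH), ("with quick", WITH_QUICK)):
        for port in (22, 25, 80):
            print(f"{name}: inbound to port {port} ->", evaluate(parse_rules(text), "in", port))
```

The third element of the result shows the difference the page describes: without quick, all three rules are checked for the port 22 packet; with quick, evaluation stops at rule 2.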

For more information, see the pfctl(1M) and pf.conf(5) man pages.