I have a question about what I should be seeing as far as traffic on the bridge.
I have a CCR2004-16G-2S+ running v7.11
This model does have a switch chip with Eth1-9 on switch1 and Eth10-16 on switch2

I use the device strictly to filter bad IPs to/from our internet connection like this.

LAN Sw----------------FW--------------------MT filter--------------------ISP

The CCR uses Eth1/Eth2 and those two are on bridgeWAN1. No HW offloading or Fast Path/Fast Forward are used.
The Bridge settings does have "Use IP Firewall" and "Use IP Firewall for VLAN" enabled. Firewall filter(raw) rules are applied to the bridgeWAN1

This works as expected. But when I want to look at the traffic with Packet Sniff or Torch or just the interface list, I have to look at the physical ports on the bridge and not the bridge itself. If I look at the Bridge on the interface list there is almost no traffic reported but the firewall filtering works just fine.
Is this expected?

Yes. "traffic of the bridge" is only traffic that enters the bridge from the router side, not traffic between ports of the bridge.
In "normal" usage of a bridge, e.g. on a LAN, it shows the routed traffic towards the bridge, not the traffic between devices on the LAN.

Ok. Thanks. Just figured if the firewall sees it and acts on it, why not report it.

But not super important.

There a few traffic classes:

1. bridged traffic - traffic between bridge ports. If bridge can offload it's functions to underlying hardware, then counters don't show it
2. routed traffic - in this case bridge counters do roll because traffic has to pass CPU (and hence bridge interface if it's about traffic to/from bridged subnet)
3. firewalled traffic - in most common scenario, this overlaps with routed traffic, but not 1:1. So counters on firewall filters roll.
   Except:
4. fast-tracked firewalled traffic - this is traffic which would normally hit firewall rules, but is marked to be handled via "fast track". It thus bypasses normal firewall filters and is then missing from firewall counters. There's a dummy rule with express purpose to show counter for fast-tracked traffic, but there's only one such counter and one can not know which of "normal" firewall rules would handle some proportion of it.
   However, router counters still count this traffic.

Yes that is true, but that does not cover his case. What he has is a bridge with traffic between ports, that passes through the firewall (that can be enabled via a setting).
Now, of course that traffic is counted in firewall counters, but he wants to count it in bridge counters as well.
That is just wrong. The bridge counters are only about the traffic that enters the bridge "from the router" (i.e. on the CPU port).
You can see a bridge as having some ethernet ports (each with their own counter) plus a CPU port (which has the bridge counters as its counters).
When the inter-port traffic would be counted in there as well, it would be impossible to see how much traffic enters/leaves the bridge via the CPU.