More of a sanity check question than anything else:
Does the "packets dropped" counter on an ASA firewall interface include just interface drops or does it include ACL rule drops in the count?
Ex: Traffic Statistics for "int foo":
576675535 packets input, 128101040719 bytes
731241996 packets output, 636870913964 bytes
22115790 packets dropped