yresquirol
just joined
Topic Author
Posts: 8
Joined: Sun Oct 21, 2018 8:15 pm
Location: Cuba

Processing order of properties in firewall rules

Sun Jan 31, 2021 8:15 am

It is clear that the rules in the firewall are processed from top to bottom. However, it would be helpful to know if within a rule there is a processing order of the properties. Example:

Does it evaluate if the packet has any marks (connection mark, packet mark, routing mark) before evaluating the protocol, addresses, ports or other properties?

On the other hand, during the evaluation of the packet properties, does the process stop when it finds a property that does not match the criteria? Or are all properties evaluated even though it has been previously determined that one does not match?
 
16again
Frequent Visitor
Posts: 78
Joined: Fri Dec 29, 2017 12:23 pm

Re: Processing order of properties in firewall rules

Sun Jan 31, 2021 3:32 pm

afaik, matching on most properties you mentioned might be done in a single step using a hash function.
otoh: It does pay off having extra filter rules (like dest port 80,443) on costly L7 inspect rules. Those extra matches will be matched first, before spending CPU time on L7 matching.
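
The suggestion in the reply above, written out as a RouterOS configuration. This is an added example, not part of the original posts; the pattern name `example-l7`, its regexp, and the rule comments are constructed placeholders.

```routeros
# Constructed Layer 7 pattern, used only to illustrate the two rule styles below.
/ip firewall layer7-protocol
add name=example-l7 regexp="example.test"

/ip firewall filter
# Costly form: the only matcher is the L7 pattern, so packets of every
# protocol and port passing through the forward chain are candidates
# for regexp inspection.
add chain=forward layer7-protocol=example-l7 action=drop \
    comment="L7 only (constructed example)"

# Narrowed form suggested in the reply: protocol and destination port
# matchers on the same rule, so only TCP traffic to ports 80 and 443
# remains as a candidate for the L7 pattern.
add chain=forward protocol=tcp dst-port=80,443 \
    layer7-protocol=example-l7 action=drop \
    comment="L7 narrowed by protocol and port (constructed example)"
```

Only one of the two filter rules would be kept in a real rule set. Comparing CPU load and the rule's packet counters (`/ip firewall filter print stats`) before and after the change shows how much traffic the narrowed rule actually inspects.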