I wrote 2 rules on the vSRX from trust to untrust, but these are different rules. One is block Facebook, the other one is permit YouTube for a special IP. When the FW matches the first rule, it doesn't care about any other rule, but when it doesn't match the first rule, it hits the second rule.
I am curious - why would you need one flow to match both Facebook and YouTube?
Also, if the second rule is more specific than the first rule, then place the second rule on top of the first one. That way, more specific traffic will be allowed by rule-2 and others will be blocked by rule-1.
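The ordering advice above, as an added example that is not part of the original thread and is not Junos code: a small first-match evaluator plus a check for rules that an earlier, broader rule fully covers. The rule contents are assumptions (rule-1 is taken to block both applications for any source, and `192.0.2.10` stands in for the special IP), as is the default deny when nothing matches.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # source prefix in CIDR form
    apps: frozenset    # application names; empty set means "any"
    action: str        # "permit" or "deny"

def matches(rule, src, app):
    in_source = ip_address(src) in ip_network(rule.source)
    return in_source and (not rule.apps or app in rule.apps)

def evaluate(rules, src, app):
    """First match wins: later rules are never consulted for this flow."""
    for rule in rules:
        if matches(rule, src, app):
            return rule.name, rule.action
    return "default", "deny"   # assumed default action when no rule matches

def shadowed(rules):
    """Names of rules fully covered by one earlier rule, so they can never be hit."""
    hidden = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            src_covered = ip_network(rule.source).subnet_of(ip_network(earlier.source))
            app_covered = not earlier.apps or (bool(rule.apps) and rule.apps <= earlier.apps)
            if src_covered and app_covered:
                hidden.append(rule.name)
                break
    return hidden

# Constructed sample policy (hypothetical values, not taken from the thread).
RULE_1 = Rule("rule-1", "0.0.0.0/0", frozenset({"facebook", "youtube"}), "deny")
RULE_2 = Rule("rule-2", "192.0.2.10/32", frozenset({"youtube"}), "permit")

BROAD_FIRST = [RULE_1, RULE_2]      # specific permit sits below the broad block
SPECIFIC_FIRST = [RULE_2, RULE_1]   # specific permit moved on top

if __name__ == "__main__":
    for label, policy in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        hit = evaluate(policy, "192.0.2.10", "youtube")
        print(f"{label}: hit={hit} shadowed={shadowed(policy)}")
```

Running the shadow check before committing a rule base catches a specific permit that has been placed where it can never match.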