06-03-2012 08:57 PM
I am trying to set up a firewall rule to restrict SSHD access. I've done this dozens of times before without any issue. This is the first time I've tried it on 11.4, however.
Model: j2350
JUNOS Software Release [11.4R1.6]
Here's my rather simple firewall statement:
## Filter applied to lo0: matches traffic addressed to the Routing Engine itself.
## PERMIT-SSHD must match on the SOURCE address and the DESTINATION port only.
## 'from prefix-list' matches source OR destination address and 'from port'
## matches source OR destination port, so as originally written the term also
## matched any packet whose destination was in OUR-PREFIXES, and the DENY term
## matched replies (source port 22) to the router's own outbound SSH sessions.
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD from source-prefix-list OUR-PREFIXES
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD from protocol tcp
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD from destination-port ssh
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD then log
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD then accept
## Any other SSH to the RE is logged and rejected.
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD from protocol tcp
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD from destination-port ssh
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD then log
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD then reject
## Explicit final accept so other host-bound traffic (routing protocols, NTP, SNMP) is not dropped by the implicit discard.
set firewall family inet filter RESTRICT-SSHD term default-term then accept
set interfaces lo0 unit 0 family inet filter input RESTRICT-SSHD
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
Here are my security statements:
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
I've set up a trace file. The only thing showing is traffic hitting the PFE; nothing hitting the firewall.
Any input is appreciated.
Thanks!
06-04-2012 12:12 AM
Hi,
As nothing is hitting the box, it might be due to a prefix-list configuration problem. Try removing the prefix-list statement just for testing; if it works, we have to review the prefix-list.
Regards,
Mohamed
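For reference, here is a complete, self-contained version of the lo0 filter discussed in both posts above. It is an added example, not configuration from either poster: it defines the OUR-PREFIXES prefix list that the filter references (the reply above suspects that list), matches only on the source address and the destination port, and adds per-term counters so a hit can be confirmed with a show command instead of a trace file. The prefixes (RFC 5737 documentation ranges) and the counter names are assumptions chosen for illustration.

```junos
## Added example: lo0 SSH restriction for Junos with per-term counters.
## 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges used as placeholders
## for the management networks that are allowed to reach sshd.
set policy-options prefix-list OUR-PREFIXES 192.0.2.0/24
set policy-options prefix-list OUR-PREFIXES 198.51.100.0/24

## Accept SSH only when the SOURCE address is in OUR-PREFIXES and the
## DESTINATION port is 22. 'source-prefix-list' (not 'prefix-list') and
## 'destination-port' (not 'port') stop the term from also matching on the
## destination address or on source port 22 of the router's own outbound sessions.
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD from source-prefix-list OUR-PREFIXES
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD from protocol tcp
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD from destination-port ssh
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD then count ssh-permitted
set firewall family inet filter RESTRICT-SSHD term PERMIT-SSHD then accept

## Everything else aimed at port 22 is counted, logged and dropped.
## 'discard' drops silently; 'reject' (as in the original post) answers the
## sender with a TCP RST or ICMP unreachable, which tells a scanner the port is filtered.
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD from protocol tcp
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD from destination-port ssh
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD then count ssh-denied
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD then log
set firewall family inet filter RESTRICT-SSHD term DENY-SSHD then discard

## Explicit final accept: without it the implicit discard at the end of the
## filter would also drop routing protocols, NTP, SNMP and anything else bound for the RE.
set firewall family inet filter RESTRICT-SSHD term default-term then accept

## Apply as an input filter on lo0 so it covers RE-bound traffic arriving on any interface.
set interfaces lo0 unit 0 family inet filter input RESTRICT-SSHD
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
```

Commit it with `commit confirmed 5` from a session that is inside OUR-PREFIXES, so a mistake in the list rolls back by itself instead of locking you out, then confirm with a second `commit`. To see whether packets are reaching the filter at all, run `clear firewall all`, open an SSH connection from an allowed and from a non-allowed host, and check `show firewall filter RESTRICT-SSHD`: the `ssh-permitted` and `ssh-denied` counters should each increment, and `show firewall log` shows the entries written by the `log` action. One caveat for this platform: a J-series running 11.4 forwards IPv4 in flow mode unless `set security forwarding-options family inet mode packet-based` is configured, and in flow mode SSH to the device must also be allowed by the ingress zone's `host-inbound-traffic system-services ssh`; if the zone blocks it, the connection fails before the lo0 filter is the reason, and the counters stay at zero.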