
Re: Firewall filter to restrict traffic for one interface


I added a counter to the firewall filter like so:

 

filter NAS-Inbound {
    term NAS-Inbound-Allow {
        from {
            source-address {
                192.168.1.66/32;
            }
        }
        then {
            accept;
            count NAS-Inbound-Allowed;
        }
    }
}

 

I added the filter to ge-0/0/5 and verified that it was configured for the interface:

{master:0}[edit interfaces ge-0/0/5 unit 0 family ethernet-switching]
USER@SWITCH# show
port-mode access;
vlan {
    members VLAN2;
}
filter {
    input NAS-Inbound;
}

When I tried to commit the config, I got an error: "Referenced filter 'NAS-Inbound' can not be used as count not supported on ingress"

USER@SWITCH# commit
[edit interfaces ge-0/0/5 unit 0 family ethernet-switching]
  'filter'
    Referenced filter 'NAS-Inbound' can not be used as count not supported on ingress
error: configuration check-out failed

I added a counter to the output filter and applied the output filter to ge-0/0/5, but I received the same error when I tried to commit the config. I cannot apply the filters to ge-0/0/5 when a counter is present.

