diff --git a/protect-re-dynamic-prefix-list b/protect-re-dynamic-prefix-list
new file mode 100644
index 0000000..9e7bdc1
--- /dev/null
+++ b/protect-re-dynamic-prefix-list
@@ -0,0 +1,16 @@
+set interfaces lo0 unit 0 family inet filter input PROTECT_RE
+set interfaces lo0 unit 0 family inet6 filter input PROTECT_RE_V6
+
+set policy-options prefix-list BGP_PEERS_DYNAMIC apply-path "protocols bgp group <*> neighbor <*.*>"
+
+set firewall family inet filter PROTECT_RE term ALLOW_BGP from source-prefix-list BGP_PEERS_DYNAMIC
+set firewall family inet filter PROTECT_RE term ALLOW_BGP from protocol tcp
+set firewall family inet filter PROTECT_RE term ALLOW_BGP from destination-port bgp
+set firewall family inet filter PROTECT_RE term ALLOW_BGP then log
+set firewall family inet filter PROTECT_RE term ALLOW_BGP then accept
+set firewall family inet filter PROTECT_RE term BLOCK_BGP from protocol tcp
+set firewall family inet filter PROTECT_RE term BLOCK_BGP from destination-port bgp
+set firewall family inet filter PROTECT_RE term BLOCK_BGP then log
+set firewall family inet filter PROTECT_RE term BLOCK_BGP then discard
+set firewall family inet filter PROTECT_RE term DEFAULT then log
+set firewall family inet filter PROTECT_RE term DEFAULT then accept
\ No newline at end of file
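Review bot: `PROTECT_RE_V6` is applied to lo0 `family inet6` on the second added line, but no `firewall family inet6 filter PROTECT_RE_V6` is defined anywhere in this file; unless it already exists elsewhere in the configuration, the commit will fail on the dangling filter reference, and even if it does exist, the IPv6 side has no ALLOW/BLOCK terms here while the `<*.*>` apply-path wildcard only collects dotted (IPv4) neighbor addresses. The ALLOW_BGP and BLOCK_BGP terms match only `destination-port bgp`, so return traffic of sessions this router initiates (source port 179, ephemeral destination port) is classified by DEFAULT rather than by the peer prefix-list check; with DEFAULT set to `accept` that works today, but it breaks the moment DEFAULT is tightened to `discard`. Using `from port bgp` in both terms covers either direction, e.g. `set firewall family inet filter PROTECT_RE term ALLOW_BGP from port bgp` in place of the `from destination-port bgp` line, and likewise for BLOCK_BGP. Note also that `term DEFAULT then log` logs every non-BGP packet reaching the RE, which is likely to be very noisy; if the intent is to audit rejected peering attempts, limiting `log` to the BLOCK_BGP term is sufficient.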