juniper-configurations/protect-re-dynamic-prefix-list

set interfaces lo0 unit 0 family inet filter input PROTECT_RE
set interfaces lo0 unit 0 family inet6 filter input PROTECT_RE_V6

set policy-options prefix-list BGP_PEERS_DYNAMIC apply-path "protocols bgp group <*> neighbor <*.*>"

set firewall family inet filter PROTECT_RE term ALLOW_BGP from source-prefix-list BGP_PEERS_DYNAMIC
set firewall family inet filter PROTECT_RE term ALLOW_BGP from protocol tcp
set firewall family inet filter PROTECT_RE term ALLOW_BGP from destination-port bgp
set firewall family inet filter PROTECT_RE term ALLOW_BGP then log
set firewall family inet filter PROTECT_RE term ALLOW_BGP then accept
set firewall family inet filter PROTECT_RE term BLOCK_BGP from protocol tcp
set firewall family inet filter PROTECT_RE term BLOCK_BGP from destination-port bgp
set firewall family inet filter PROTECT_RE term BLOCK_BGP then log
set firewall family inet filter PROTECT_RE term BLOCK_BGP then discard
set firewall family inet filter PROTECT_RE term DEFAULT then log
set firewall family inet filter PROTECT_RE term DEFAULT then accept