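# OpenBGPD configuration for a blacklist route server: host routes are
# accepted from the authenticated peers in group "blacklist-sources" and
# re-announced, tagged with this AS's communities, to clients in group "RS".
#
# Layout restored to one statement per line. In bgpd.conf a '#' comment runs
# to the end of the line, so in the collapsed single-line form everything
# after the first comment would be ignored.

myAS="65066"

AS $myAS
router-id 203.0.113.113

# Learned routes are not installed into the kernel routing table.
fib-update no
nexthop qualify via default

# Restricted control socket, in addition to the default one.
# NOTE(review): the path is under /var/www, presumably for a looking glass
# running in the web server chroot - confirm that only the intended
# user/group can open it.
socket "/var/www/logs/bgpd.rsock" restricted

# Peers that feed blacklist entries to this server. Nothing is announced
# back to them, and each session is authenticated.
group blacklist-sources {
    multihop 64
    # NOTE(review): newer OpenBGPD releases appear to have replaced the
    # "announce" keyword with filter rules - check bgpd.conf(5) for the
    # installed version.
    announce none

    # Neighbor upA - John Q Public - john.public@example.com
    neighbor 198.51.100.198 {
        descr "upA"
        remote-as 65198
        # NOTE(review): "deadbeef" is a 4-byte placeholder-looking hex key.
        # Use a long random key per peer, and keep this file readable only
        # by root since the key is stored in clear text.
        tcp md5sig key deadbeef
    }

    # Neighbor downB - Mike Bolton - mike@bolt.example.net
    neighbor 198.18.0.191 {
        descr "downB"
        remote-as 65191
        ipsec ah ike
    }
}

# Clients that receive the blacklist. The template neighbor below matches
# any IPv4 address, sets no remote-as, and this group configures no session
# authentication and disables ttl-security, so any host that can reach the
# BGP port may open a session.
# NOTE(review): if the feed should not be public, restrict who can connect
# outside this file (for example in the packet filter).
group RS {
    announce all
    # Pass the next hop through as received from the source peer.
    set nexthop no-modify
    enforce neighbor-as no
    multihop 64
    ttl-security no
    holdtime min 60
    softreconfig in no

    neighbor 0.0.0.0/0 {
        # Wait for the client to connect; never initiate the session.
        passive
    }
}

# Filter rules: the last matching rule decides.
# Default-deny inbound, then accept only from the blacklist sources, so
# nothing announced by RS clients is accepted.
deny from any
allow from group blacklist-sources
allow to any

# Ensure that an IP to be blacklisted is only a host entry
# (a source cannot blacklist a whole network with a shorter prefix).
deny from group blacklist-sources inet prefixlen < 32
deny from group blacklist-sources inet6 prefixlen < 128

# Set my own community, so clients have an easy way to filter.
# "match" rules only apply the set; they do not change the allow/deny result.
match from group blacklist-sources community neighbor-as:666 set community $myAS:666
match from group blacklist-sources community neighbor-as:42 set community $myAS:42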