I am trying to figure out the proper syntax to deny all prefixes to and from a BGP peer. As best practice, we turn up BGP with peers and do a DENY-ALL filter where we don't accept anything from them nor send them anything. This way we can monitor the session or announce routes during a maintenance window. I am having an issue in V7 getting this to work right.
Does anyone have the proper syntax and where I apply it?
I have tried
add chain=AS-IN disabled=no rule="if (dst in 0.0.0.0/0) {reject}"