ROS7 BGP routing filters

Can someone please point me to a meaningful explanation for a beginner on how to set up BGP filters?
This is my config:

/ipv6 firewall address-list
add address=2001:db8:abcd::/48 list=bgp-networks

/routing filter rule
add chain=bgpv6-out disabled=no rule="if (dst in 2001:db8:abcd::/48) { accept; }"
add chain=bgpv6-out disabled=no rule="if (dst-len > 48) { reject; }"
add chain=bgpv6-out disabled=no rule=reject

/routing bgp connection
add as=65001 disabled=no local.address=2000:db8::2 .role=ebgp name=test \
    output.filter-chain=bgpv6-out .keep-sent-attributes=yes .network=bgp-networks \
    .redistribute=connected,static remote.address=2000:db8::2/128 .as=65000 \
    routing-table=main

I’m basically trying not to advertise anything smaller than /48, but when I do:

/routing/bgp/session dump-saved-advertisements numbers=0 save-to=adv.pcap
/routing/stats/pcap/print where file=adv.pcap

I can see smaller prefixes are still announced…

Where is my mistake? Thanks!

If filters are configured, the default on ROS 7 is to reject, so the additional rejections are unnecessary.

What you could do is change your first rule to

if (dst in 2001:db8:abcd::/48 && dst-len in 32-48) { accept; }

Using “in” will match any smaller subnets as well.

Use “==” to match a specific prefix.

Have a look at the “prefix operators” on https://help.mikrotik.com/docs/spaces/ROS/pages/74678285/Route+Selection+and+Filters#RouteSelectionandFilters-PrefixOperators

Thanks guys, you helped a lot!

I actually went with a third option:

Return true if the prefix is the subnet of the provided network. If an operator is used to match prefixes from the address list (e.g “dst in list_name”), then it will match only the exact prefix.

I used an address list instead of a prefix, and it worked as intended.
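
The three filter variants discussed in this thread, modelled in Python as an added example (not part of the original posts and not RouterOS's own implementation). It shows which prefixes each chain would let out. The candidate routes are constructed, and reading `dst-len in 32-48` as an inclusive range is an assumption.

```python
import ipaddress

NET = ipaddress.ip_network("2001:db8:abcd::/48")   # prefix from the thread
BGP_NETWORKS = {NET}                                # models the bgp-networks address list

def original_chain(dst):
    # Rule 1 as posted: "dst in <prefix>" is true for the /48 and every subnet of it,
    # so accept fires before the dst-len rule is ever evaluated.
    if dst.subnet_of(NET):
        return "accept"
    if dst.prefixlen > 48:
        return "reject"
    return "reject"

def length_bounded_chain(dst):
    # Rule from the reply: dst in <prefix> && dst-len in 32-48 (range assumed inclusive).
    if dst.subnet_of(NET) and 32 <= dst.prefixlen <= 48:
        return "accept"
    return "reject"  # default reject once a filter chain is configured

def address_list_chain(dst):
    # "dst in list_name": exact prefix match only, per the documentation quoted above.
    return "accept" if dst in BGP_NETWORKS else "reject"

# Constructed candidate routes (what connected/static redistribution might offer).
ROUTES = [ipaddress.ip_network(p) for p in (
    "2001:db8:abcd::/48",
    "2001:db8:abcd:1::/64",
    "2001:db8:abcd::1/128",
    "2001:db8:ffff::/48",
)]

def advertised(chain):
    """Return the prefixes a chain would let out, as strings."""
    return [str(r) for r in ROUTES if chain(r) == "accept"]

if __name__ == "__main__":
    for chain in (original_chain, length_bounded_chain, address_list_chain):
        print(f"{chain.__name__:22} -> {advertised(chain)}")
```

Only the original chain lets the /64 and /128 more-specifics through; the other two advertise the /48 alone.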