Thank you, everything is clear now. I had no idea that the routing filter works like the firewall.
Both of your propositions are understandable, but I will stay with my rule "add action=discard chain=only_local_out invert-match=yes locally-originated-bgp=yes" because it is not sensitive to adding new networks to advertise.
That works for you right now, but it's actually not a good habit for you to form while learning BGP.
Suppose the current router is R1, and you use this filter.
Later, you add a new interior router (R2) to your network in the same ASN. This will be iBGP, and they should share their complete routing information. If R2 originates a prefix into your iBGP, then R1 will not send this new route to the EBGP neighbor, even though it should do so.
Another benefit of using explicit prefixes is that it prevents you from accidentally advertising something later. Suppose you turn on "redistribute connected" and then add an interface 10.1.1.1/24 to the router - your router will try to put 10.1.1.1/24 into public BGP!
This rule works for you now in a very specific situation, but it's not consistent with best practice. It is much better to build good habits as soon as you can.
If you want to learn how to filter "my prefixes only" everywhere in a scalable way, you should experiment with BGP communities. You can have 5 thousand routers all following the same rules very easily using this.
Whenever you originate a route into BGP, add a community to it that means "my locally originated routes" - if your ASN is 500, then you might use 500:1 to mean this. You may then add 500:2 for "routes from my customers". And then on every ebgp router, you use a filter that allows only the routes with these two communities attached to them. This way, you can add 500 routes per week and never touch most of your ebgp routers.
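
The two export policies discussed in this thread, compared on one routing table. This is an added example, not part of the original posts and not RouterOS configuration: it is a small Python model in which the route table, the prefixes and the function names are constructed, and it assumes the 500:1 tag is applied only to networks that are deliberately originated, so a route leaked by "redistribute connected" carries no community.

```python
from dataclasses import dataclass, field

LOCAL = "500:1"     # "my locally originated routes" (ASN 500, as in the post)
CUSTOMER = "500:2"  # "routes from my customers"


@dataclass
class Route:
    prefix: str
    locally_originated: bool  # True if this router (R1) originated it
    communities: set = field(default_factory=set)


def origin_filter(route):
    """Model of the rule quoted in the thread: discard whatever is not
    locally originated on this router."""
    return route.locally_originated


def community_filter(route):
    """Model of the community approach: accept only routes tagged
    500:1 or 500:2, discard everything else."""
    return bool(route.communities & {LOCAL, CUSTOMER})


def advertised(routes, policy):
    """Prefixes the eBGP neighbor would receive under the given policy."""
    return sorted(r.prefix for r in routes if policy(r))


# Constructed BGP table as seen on R1 (sample data, not from the thread).
R1_TABLE = [
    Route("198.51.100.0/24", True, {LOCAL}),   # R1's own network, tagged
    Route("203.0.113.0/24", False, {LOCAL}),   # originated on R2, via iBGP
    Route("192.0.2.0/24", False, {CUSTOMER}),  # customer route
    Route("10.1.1.0/24", True),   # network of 10.1.1.1/24, leaked by
                                  # "redistribute connected", never tagged
    Route("198.18.0.0/24", False),  # learned from an upstream, untagged
]

if __name__ == "__main__":
    print("origin filter   :", advertised(R1_TABLE, origin_filter))
    print("community filter:", advertised(R1_TABLE, community_filter))
```

Under the origin-based rule the private 10.1.1.0/24 leaks out and R2's prefix is withheld; under the community rule R1 exports its own, R2's and the customer's prefixes and nothing else.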