I haven't tested this myself. But I remember seeing this in the O'Reilly ScreenOS cookbook. And sure enough its on page 603.
This should accept the prefixes you have defined including the default and deny all others.
e0/0 is untrust
Create your access list
set vrouter trust-vr
set access-list 3 permit ip 30.11.1.0/24 1
set access-list 3 permit 30.12.1.0/24 2
set access-list 3 permit 30.13.1.0/24 3
set access-list 3 permit default-route 4
Then set your route map
set route-map name inbound-from-isp permit 10
set match ip 3
exit
BGP Neighbor settings
set protocol bgp neighbor x.x.x.x remote-as x
set protocol bgp neighbor x.x.x.x route-map inbound-from-isp in
set protocol bgp neighbor x.x.x.x enable
exit
You should be able to check this by the following command
get vrouter trust-vr protocol bgp rib-in
get vrouter trust-vr route protocol bgp
Message Edited by shadow on 09-28-2009 10:11 PM