diff --git a/defaults/main.yml b/defaults/main.yml
index 7b44103b398086a53bae03ee15ba92a210755885..0c2fb588bb556eab9f047c09212675af44a660cd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -8,3 +8,5 @@ dc4_ranges: []
 
 anycast_ranges: []
 anycast4_ranges: []
+
+trusted_peers: []
diff --git a/templates/frr_conf.j2 b/templates/frr_conf.j2
index e8c62c526e37f9bd70f9106761f8a41633784545..ae1e3f0be3c34fbbdf7957788c6cce61641128fb 100644
--- a/templates/frr_conf.j2
+++ b/templates/frr_conf.j2
@@ -15,9 +15,22 @@ router bgp {{bgp_asn}}
 {% endfor %}
  neighbor outside peer-group
  neighbor outside remote-as external
+ neighbor trusted-peers peer-group
+ neighbor trusted-peers remote-as internal
+ neighbor trusted-peers bfd
+{% for neighbor in trusted_peers %}
+{%   if (neighbor|ansible.utils.ipv6) or (neighbor|ansible.utils.ipv4) %}
+ neighbor {{ neighbor }} peer-group trusted-peers
+{%   else %}
+ neighbor {{ neighbor }} interface peer-group trusted-peers
+{%   endif %}
+{% endfor %}
 !
  address-family ipv4 unicast
   network 0.0.0.0/0
+  neighbor trusted-peers activate
+  neighbor trusted-peers prefix-list all out
+  neighbor trusted-peers prefix-list all in
 {% for neighbor in internet_connections %}
 {%   for ip in neighbor.peer_ips %}
 {%     if ip|ansible.utils.ipv4 %}
@@ -30,6 +43,9 @@ router bgp {{bgp_asn}}
 !
  address-family ipv6 unicast
   network ::/0
+  neighbor trusted-peers activate
+  neighbor trusted-peers prefix-list all out
+  neighbor trusted-peers prefix-list all in
 {% for neighbor in internet_connections %}
 {%   for ip in neighbor.peer_ips %}
 {%     if ip|ansible.utils.ipv6 %}
@@ -128,3 +144,5 @@ ip prefix-list my-networks seq {{(loop.index|int)*10}} permit {{range}}
 ip prefix-list my-networks seq {{(loop.index|int)*10+10}} deny any
 {%   endif %}
 {% endfor %}
+ip prefix-list all seq 10 permit any
+ipv6 prefix-list all seq 10 permit any
diff --git a/templates/int_rtr.nft.j2 b/templates/int_rtr.nft.j2
index c15e929c2ac9ebed58fc05e8d0d435dd28773a95..45b41c466a9b44a5d22d75890bccda03d47aaeb3 100644
--- a/templates/int_rtr.nft.j2
+++ b/templates/int_rtr.nft.j2
@@ -44,7 +44,7 @@ table inet filter {
 			iif == lo accept
 			tcp dport ssh accept
 {% for range in dc_ranges %}
-			ip{% if range|ansible.utils.ipv6%}6{% endif %} saddr {{range}} tcp dport ssh accept
+			ip{% if range|ansible.utils.ipv6%}6{% endif %} saddr {{range}} accept
 {% endfor %}
 {% for neighbor in internet_connections %}
 {%   for ip in neighbor.peer_ips %}