Route Filtering

The filtering of routes between ASs is key to implementing routing policies. The following section shows several route-filtering techniques.

Filtering by Prefix (Address/Mask) Information

The following BGP sub-command may be used to filter updates from a neighbor based on the IP prefix in the update packet:

neighbor ip-address distribute-list {access-list-number | name/prefix-list prefixlistname} {in | out}

ip-address is the address of the BGP peer. The IP prefixes to be filtered may be specified in an access list or a prefix list.

Consider TraderMary’s network again. An access list would be appropriate to block TrdrMary-1 from learning its own internal numbers from ISP-A:

hostname TrdrMary-1
!
interface Serial1
 description * to ISP-A *
 ip address 192.100.100.253 255.255.255.252
...
router bgp 100
 neighbor 192.100.100.254 remote-as 192
 neighbor 192.100.100.254 distribute-list 1 in
!
access-list 1 deny 160.160.0.0
access-list 1 deny 192.200.200.0
access-list 1 permit 0.0.0.0 255.255.255.255

Simple access lists do not allow control over the subnet mask field. So, ISP-X may advertise 192.156.0.0/16 to peer a.b.c.d as follows:

hostname ISP-X-1
!
router bgp 222
 neighbor a.b.c.d 
 neighbor a.b.c.d distribute-list 10 out
access-list 10 permit 192.156.0.0

However, this access list will permit 192.156.0.0/16, 192.156.0.0/17, 192.156.0.0/18, and so on. To ensure that ISP-X advertises only 192.156.0.0/16, we need to configure an extended access list that has room to specify the mask ...
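The difference can be checked offline before a filter is deployed. The following Python model is an added example, not code from the book: it compares the standard access list 10 above with an extended entry that also matches the mask. The function names, access-list number 101, and the candidate prefixes are assumptions made for illustration; the extended entry follows the IOS convention of matching the network address in the source field and the mask in the destination field.

```python
# Added example: models how a distribute-list ACL is matched against a BGP prefix.
import ipaddress

def _masked_eq(value, pattern, wildcard):
    """True if value equals pattern on every bit the wildcard does not ignore."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(value) & care) == (int(ipaddress.IPv4Address(pattern)) & care)

def standard_acl_permits(acl, prefix):
    """Standard ACL: only the network address of the prefix is compared."""
    net = ipaddress.IPv4Network(prefix)
    for action, addr, wildcard in acl:
        if _masked_eq(net.network_address, addr, wildcard):
            return action == "permit"
    return False  # implicit deny at the end of every access list

def extended_acl_permits(acl, prefix):
    """Extended ACL: source field checks the address, destination field the mask."""
    net = ipaddress.IPv4Network(prefix)
    for action, addr, addr_wc, mask, mask_wc in acl:
        if (_masked_eq(net.network_address, addr, addr_wc)
                and _masked_eq(net.netmask, mask, mask_wc)):
            return action == "permit"
    return False  # implicit deny

# access-list 10 permit 192.156.0.0  (from the text; wildcard defaults to 0.0.0.0)
ACL_10 = [("permit", "192.156.0.0", "0.0.0.0")]
# access-list 101 permit ip 192.156.0.0 0.0.0.0 255.255.0.0 0.0.0.0  (assumed entry)
ACL_101 = [("permit", "192.156.0.0", "0.0.0.0", "255.255.0.0", "0.0.0.0")]

# Constructed candidate advertisements, including more-specifics of the /16.
CANDIDATES = ["192.156.0.0/16", "192.156.0.0/17", "192.156.0.0/18",
              "192.156.128.0/17", "192.157.0.0/16"]

def advertised(check, acl):
    """Return the candidate prefixes that the given ACL would let through."""
    return [p for p in CANDIDATES if check(acl, p)]

if __name__ == "__main__":
    print("standard 10 :", advertised(standard_acl_permits, ACL_10))
    print("extended 101:", advertised(extended_acl_permits, ACL_101))
```

The standard list lets every prefix whose network address is 192.156.0.0 through, whatever its length, while the extended entry passes only the /16.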
