If you are protecting your network from packet with spoofed source IP, it is likely that you have to update your routers ACL each time the route you learn from your customers are changing. This can be automated, but could this be done without having to generated ?
BGP firewall WARNING This post is kept for nostalgic reason. Please do not use this solution for anything in production as it is more than likely that it will cause issues with any serious traffic.