diff --git a/host_vars/routeur-daniel.adm.crans.org/bird.yml b/host_vars/routeur-daniel.adm.crans.org/bird.yml index f4b34d23..f8269ef1 100644 --- a/host_vars/routeur-daniel.adm.crans.org/bird.yml +++ b/host_vars/routeur-daniel.adm.crans.org/bird.yml @@ -8,6 +8,8 @@ loc_bird: statics: - 185.230.78.0/24 - 185.230.79.0/24 + kernel_filter: + - 185.230.78.0/24 bgps: - name: viarezo allow_local_as: 1 diff --git a/host_vars/routeur-jack.adm.crans.org/bird.yml b/host_vars/routeur-jack.adm.crans.org/bird.yml index f4b34d23..f8269ef1 100644 --- a/host_vars/routeur-jack.adm.crans.org/bird.yml +++ b/host_vars/routeur-jack.adm.crans.org/bird.yml @@ -8,6 +8,8 @@ loc_bird: statics: - 185.230.78.0/24 - 185.230.79.0/24 + kernel_filter: + - 185.230.78.0/24 bgps: - name: viarezo allow_local_as: 1 diff --git a/host_vars/routeur-sam.adm.crans.org/bird.yml b/host_vars/routeur-sam.adm.crans.org/bird.yml index f4b34d23..f8269ef1 100644 --- a/host_vars/routeur-sam.adm.crans.org/bird.yml +++ b/host_vars/routeur-sam.adm.crans.org/bird.yml @@ -8,6 +8,8 @@ loc_bird: statics: - 185.230.78.0/24 - 185.230.79.0/24 + kernel_filter: + - 185.230.78.0/24 bgps: - name: viarezo allow_local_as: 1 diff --git a/roles/bird/templates/bird/bird.conf.j2 b/roles/bird/templates/bird/bird.conf.j2 index b5cd4332..5c837643 100644 --- a/roles/bird/templates/bird/bird.conf.j2 +++ b/roles/bird/templates/bird/bird.conf.j2 @@ -23,7 +23,14 @@ protocol kernel { # persist; scan time 60; import none; +{% if bird.ipv4.kernel_filter is defined %} + export filter { + if ( net ~ [ {{ bird.ipv4.kernel_filter|join(', ') }} ] ) then reject; + accept; + }; +{% else %} export all; +{% endif %} } # The Device protocol is not a real routing protocol. It doesn't generate any diff --git a/roles/bird/templates/bird/bird6.conf.j2 b/roles/bird/templates/bird/bird6.conf.j2 index 6c30ef11..8e02921c 100644 --- a/roles/bird/templates/bird/bird6.conf.j2 +++ b/roles/bird/templates/bird/bird6.conf.j2 
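Review bot: The `kernel_filter` entry added next to `statics` is the bare prefix `185.230.78.0/24`, and the template change in this commit places it verbatim in a BIRD prefix set, where a bare prefix matches only that exact route. If the intent is to keep the whole range out of the kernel table, more-specific routes inside it would still be exported; writing the entry as `- 185.230.78.0/24+` would cover them. The hunk also gives no reason for treating this prefix differently from `185.230.79.0/24`, so a comment such as `# not installed in the kernel table because <reason>` above the key would help. The same applies to the identical hunks for routeur-jack and routeur-sam.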
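Review bot: The `is defined` test in the kernel protocol's export clause is also true for an empty list, in which case the filter renders with an empty set after `net ~`, and depending on the BIRD version an empty set literal may not parse. A configuration that fails to parse would block the reload on the router, so the condition is safer as `{% if bird.ipv4.kernel_filter | default([]) %}`, which falls back to `export all;` for both a missing and an empty list. The same condition appears in the bird6.conf.j2 hunk with `bird.ipv6.kernel_filter`. The `protocol kernel` block opens above this hunk.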
@@ -22,7 +22,14 @@ protocol kernel { # persist; scan time 60; import none; +{% if bird.ipv6.kernel_filter is defined %} + export filter { + if ( net ~ [ {{ bird.ipv6.kernel_filter|join(', ') }} ] ) then reject; + accept; + }; +{% else %} export all; +{% endif %} } # The Device protocol is not a real routing protocol. It doesn't generate any
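Review bot: No host variable in this diff sets `bird.ipv6.kernel_filter`; the three host_vars hunks add an IPv4 prefix only, so the new branch in bird6.conf.j2 appears to be unexercised by this commit. A one-line comment above the condition, for example `# bird.ipv6.kernel_filter: optional list of IPv6 prefixes that are not exported to the kernel table`, would document the variable for the next person who sets it. The `protocol kernel` block opens above this hunk.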