This is typical ACL which you can configure on the Public interface of your router in the Inbound direction.
ip access-list EDGE_ROUTER_FW_IN remark ***DENY_FRAGMENTS*** deny tcp any PUBLIC_NETWORK fragments deny udp any PUBLIC_NETWORK fragments remark ***DENY_RFC3330*** deny ip host 0.0.0.0 any deny ip 127.0.0.0 0.255.255.255 any deny ip 192.0.2.0 0.0.0.255 any deny ip 224.0.0.0 31.255.255.255 any remark ***DENY_RFC1918*** deny ip 10.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip 192.168.0.0 0.0.255.255 any remark ***DENY_SPOOFING*** deny ip PUBLIC_NETWORK any remark ***PERMIT_PEERS**** permit tcp host PEER host ROUTER eq bgp remark ***PROTECT_INFRA*** deny ip any INFRA_NETWORK remark ***PERMIT_PUBLIC_NETWORK*** permit ip any PUBLIC_NETWORK