diff --git a/data/filter.txt b/data/filter.txt
index 9052c70e9..7cdd902e6 100644
--- a/data/filter.txt
+++ b/data/filter.txt
@@ -10,20 +10,23 @@
 # /^[0-9]/ && $2 ~ /permit/ {printf " %s{%s,%s},\n", $3, $4, $5};' | \
 # sed "$ s/,$/\n ];\n}/"
+# The rules MUST be sorted by the number column first and then the first matching rule MUST be used.
+# ROAs MUST be checked against these rules and max-length of the ROA NUST NOT be longer than allowed by the matching rule.
 #Nr Action Prefix MinLen MaxLen
-0010 permit 172.20.0.0/14 21 29 # dn42 main net
-0011 permit 172.20.0.0/24 28 32 # dn42 Anycast range
-0012 permit 172.21.0.0/24 28 32 # dn42 Anycast range
-0013 permit 172.22.0.0/24 28 32 # dn42 Anycast range
-0014 permit 172.23.0.0/24 28 32 # dn42 Anycast range
-0020 deny 10.10.10.0/24 24 32 # kabel deutschland/superkabel has DNS servers there (IDIOTS)
-0021 permit 10.100.0.0/14 14 32 # chaosvpn
-0022 permit 10.0.0.0/8 15 24 # freifunk/chaosvpn
+0001 deny 172.22.166.0/24 24 32 # Black List due not responding to abuse mails after wiki grief.
-0040 permit 172.31.0.0/16 16 32 # chaosvpn
+1001 permit 172.20.0.0/24 28 32 # dn42 Anycast range
+1002 permit 172.21.0.0/24 28 32 # dn42 Anycast range
+1003 permit 172.22.0.0/24 28 32 # dn42 Anycast range
+1004 permit 172.23.0.0/24 28 32 # dn42 Anycast range
+1100 permit 172.20.0.0/14 21 29 # dn42 main net
-0050 deny 172.22.166.0/24 24 32 # Black List due to policy violations.
+2001 permit 10.100.0.0/14 14 32 # chaosvpn
+2002 permit 10.0.0.0/8 15 24 # freifunk/chaosvpn
+
+3001 permit 172.31.0.0/16 16 32 # chaosvpn
+
+9999 deny 0.0.0.0/0 0 32 # block the rest
-1000 deny 0.0.0.0/0 0 32 # block the rest
diff --git a/data/filter6.txt b/data/filter6.txt
index 673620ba3..0b9b0c3bc 100644
--- a/data/filter6.txt
+++ b/data/filter6.txt
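Review bot: The awk example in the header comment (its last two lines are the context at the top of the data/filter.txt hunk; the rest is above it) selects only rows where `$2 ~ /permit/`, so a list built that way cannot honour the new first-match rule: `0001 deny 172.22.166.0/24 24 32` is dropped and `1100 permit 172.20.0.0/14 21 29` still covers that /24. I would update the example or add a line such as `# NOTE: the awk example above ignores deny rows and rule order; apply deny rules before using its output.` The old `0020 deny 10.10.10.0/24 24 32` row is removed without a replacement, so that /24 now appears to fall under `2002 permit 10.0.0.0/8 15 24`; if that is intended it deserves a line in the commit message. The added ROA sentence has a typo, `NUST NOT` should read `MUST NOT` (the same typo sits in the unchanged line of data/filter6.txt), and it should say whether a rule matches on prefix containment alone or only when the length also lies within MinLen–MaxLen.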
@@ -10,8 +10,11 @@
 # /^[0-9]/ && $2 ~ /permit/ {printf " %s{%s,%s},\n", $3, $4, $5};' | \
 # sed "$ s/,$/\n ];\n}/"
+# The rules MUST be sorted by the number column first and then the first matching rule MUST be used.
 # ROAs MUST be checked against these rules and max-length of the ROA NUST NOT be longer than allowed by the matching rule.
+
 # Nr Action Prefix MinLen MaxLen # Comment
-0010 deny fc00::/8 8 128 # ULA (undefined)
-0011 permit fd00::/8 44 64 # ULA (defined)
+1001 permit fd00::/8 44 64 # ULA (defined)
+
+9999 deny ::/0 0 128 # block the rest