diff --git a/yang/frr-zebra.yang b/yang/frr-zebra.yang
index 06ba547d0b..ff4a5058b2 100644
--- a/yang/frr-zebra.yang
+++ b/yang/frr-zebra.yang
@@ -2758,6 +2758,31 @@ module frr-zebra {
            some routing protocols identifying a router.";
       }
 
+      list filter-protocol {
+        key "afi-safi protocol";
+        description
+          "Filter routing info exchanged between zebra and protocol.";
+        leaf afi-safi {
+          type identityref {
+            base frr-rt:afi-safi-type;
+          }
+          description
+            "AFI-SAFI type.";
+        }
+        leaf protocol {
+          // This should be identityref to frr-rt:control-plane-protocol someday
+          type string;
+          description
+            "The protocol to filter.";
+        }
+        leaf route-map {
+          type frr-route-map:route-map-ref;
+          mandatory true;
+          description
+            "A route-map to filter routes.";
+        }
+      }
+
       uses ribs;
 
       uses vrf-vni-mapping;
diff --git a/zebra/zebra_nb.c b/zebra/zebra_nb.c
index cbf5bfb59a..d8781328d6 100644
--- a/zebra/zebra_nb.c
+++ b/zebra/zebra_nb.c
@@ -847,6 +847,19 @@ const struct frr_yang_module_info frr_zebra_info = {
 				.destroy = lib_vrf_zebra_ipv6_router_id_destroy,
 			}
 		},
+		{
+			.xpath = "/frr-vrf:lib/vrf/frr-zebra:zebra/filter-protocol",
+			.cbs = {
+				.create = lib_vrf_zebra_filter_protocol_create,
+				.destroy = lib_vrf_zebra_filter_protocol_destroy,
+			}
+		},
+		{
+			.xpath = "/frr-vrf:lib/vrf/frr-zebra:zebra/filter-protocol/route-map",
+			.cbs = {
+				.modify = lib_vrf_zebra_filter_protocol_route_map_modify,
+			}
+		},
 		{
 			.xpath = "/frr-vrf:lib/vrf/frr-zebra:zebra/ribs/rib",
 			.cbs = {
diff --git a/zebra/zebra_nb.h b/zebra/zebra_nb.h
index 9cde562060..0e66f8b5f5 100644
--- a/zebra/zebra_nb.h
+++ b/zebra/zebra_nb.h
@@ -420,6 +420,10 @@ int lib_vrf_zebra_router_id_modify(struct nb_cb_modify_args *args);
 int lib_vrf_zebra_router_id_destroy(struct nb_cb_destroy_args *args);
 int lib_vrf_zebra_ipv6_router_id_modify(struct nb_cb_modify_args *args);
 int lib_vrf_zebra_ipv6_router_id_destroy(struct nb_cb_destroy_args *args);
+int lib_vrf_zebra_filter_protocol_create(struct nb_cb_create_args *args);
+int lib_vrf_zebra_filter_protocol_destroy(struct nb_cb_destroy_args *args);
+int lib_vrf_zebra_filter_protocol_route_map_modify(
+	struct nb_cb_modify_args *args);
 const void *lib_vrf_zebra_ribs_rib_get_next(struct nb_cb_get_next_args *args);
 int lib_vrf_zebra_ribs_rib_get_keys(struct nb_cb_get_keys_args *args);
 const void *
diff --git a/zebra/zebra_nb_config.c b/zebra/zebra_nb_config.c
index c828d08733..ca1d1c626a 100644
--- a/zebra/zebra_nb_config.c
+++ b/zebra/zebra_nb_config.c
@@ -26,6 +26,7 @@
 #include "zebra/zebra_evpn_mh.h"
 #include "zebra/zebra_ptm.h"
 #include "zebra/router-id.h"
+#include "zebra/zebra_routemap.h"
 
 /*
  * XPath: /frr-zebra:zebra/mcast-rpf-lookup
@@ -3303,6 +3304,106 @@ int lib_vrf_zebra_ipv6_router_id_destroy(struct nb_cb_destroy_args *args)
 	return NB_OK;
 }
 
+/*
+ * XPath: /frr-vrf:lib/vrf/frr-zebra:zebra/filter-protocol
+ */
+int lib_vrf_zebra_filter_protocol_create(struct nb_cb_create_args *args)
+{
+	struct vrf *vrf;
+	const char *afi_safi = yang_dnode_get_string(args->dnode, "afi-safi");
+	const char *proto = yang_dnode_get_string(args->dnode, "protocol");
+	const char *rmap = yang_dnode_get_string(args->dnode, "route-map");
+	afi_t afi;
+	safi_t safi;
+	int rtype;
+
+	yang_afi_safi_identity2value(afi_safi, &afi, &safi);
+
+	if (strcasecmp(proto, "any") == 0)
+		rtype = ZEBRA_ROUTE_MAX;
+	else
+		rtype = proto_name2num(proto);
+
+	if (args->event == NB_EV_VALIDATE)
+		if (rtype < 0) {
+			snprintfrr(args->errmsg, args->errmsg_len,
+				   "invalid protocol name \"%s\"", proto);
+			return NB_ERR_VALIDATION;
+		}
+
+	if (args->event != NB_EV_APPLY)
+		return NB_OK;
+
+	vrf = nb_running_get_entry(args->dnode, NULL, true);
+
+	ip_protocol_rm_add(vrf->info, rmap, rtype, afi, safi);
+
+	return NB_OK;
+}
+
+int lib_vrf_zebra_filter_protocol_destroy(struct nb_cb_destroy_args *args)
+{
+	struct vrf *vrf;
+	const char *afi_safi = yang_dnode_get_string(args->dnode, "afi-safi");
+	const char *proto = yang_dnode_get_string(args->dnode, "protocol");
+	const char *rmap = yang_dnode_get_string(args->dnode, "route-map");
+	afi_t afi;
+	safi_t safi;
+	int rtype;
+
+	yang_afi_safi_identity2value(afi_safi, &afi, &safi);
+
+	if (strcasecmp(proto, "any") == 0)
+		rtype = ZEBRA_ROUTE_MAX;
+	else
+		rtype = proto_name2num(proto);
+
+	/* deleting an existing entry, it can't be invalid */
+	assert(rtype >= 0);
+
+	if (args->event != NB_EV_APPLY)
+		return NB_OK;
+
+	vrf = nb_running_get_entry(args->dnode, NULL, true);
+
+	ip_protocol_rm_del(vrf->info, rmap, rtype, afi, safi);
+
+	return NB_OK;
+}
+
+/*
+ * XPath: /frr-vrf:lib/vrf/frr-zebra:zebra/filter-protocol/route-map
+ */
+int lib_vrf_zebra_filter_protocol_route_map_modify(struct nb_cb_modify_args *args)
+{
+	struct vrf *vrf;
+	const char *afi_safi = yang_dnode_get_string(args->dnode, "../afi-safi");
+	const char *proto = yang_dnode_get_string(args->dnode, "../protocol");
+	const char *rmap = yang_dnode_get_string(args->dnode, NULL);
+	afi_t afi;
+	safi_t safi;
+	int rtype;
+
+	yang_afi_safi_identity2value(afi_safi, &afi, &safi);
+
+	if (strcasecmp(proto, "any") == 0)
+		rtype = ZEBRA_ROUTE_MAX;
+	else
+		rtype = proto_name2num(proto);
+
+	/* editing an existing entry, it can't be invalid */
+	assert(rtype >= 0);
+
+	if (args->event != NB_EV_APPLY)
+		return NB_OK;
+
+	vrf = nb_running_get_entry(args->dnode, NULL, true);
+
+	ip_protocol_rm_add(vrf->info, rmap, rtype, afi, safi);
+
+	return NB_OK;
+}
+
 /*
  * XPath: /frr-vrf:lib/vrf/frr-zebra:zebra/l3vni-id
  */
diff --git a/zebra/zebra_routemap.c b/zebra/zebra_routemap.c
index 21aaf1d066..f9f597945d 100644
--- a/zebra/zebra_routemap.c
+++ b/zebra/zebra_routemap.c
@@ -284,8 +284,8 @@ static const struct route_map_rule_cmd route_match_interface_cmd = {
 	route_match_interface_free
 };
 
-static int ip_protocol_rm_add(struct zebra_vrf *zvrf, const char *rmap,
-			      int rtype, afi_t afi, safi_t safi)
+int ip_protocol_rm_add(struct zebra_vrf *zvrf, const char *rmap, int rtype,
+		       afi_t afi, safi_t safi)
 {
 	struct route_table *table;
 
@@ -317,8 +317,8 @@ static int ip_protocol_rm_add(struct zebra_vrf *zvrf, const char *rmap,
 	return CMD_SUCCESS;
 }
 
-static int ip_protocol_rm_del(struct zebra_vrf *zvrf, const char *rmap,
-			      int rtype, afi_t afi, safi_t safi)
+int ip_protocol_rm_del(struct zebra_vrf *zvrf, const char *rmap, int rtype,
+		       afi_t afi, safi_t safi)
 {
 	struct route_table *table;
 
@@ -677,28 +677,21 @@ DEFPY_YANG (ip_protocol,
        "Specify route-map\n"
        "Route map name\n")
 {
-	int ret, rtype;
+	nb_cli_enqueue_change(vty, ".", NB_OP_CREATE, NULL);
+	nb_cli_enqueue_change(vty, "./route-map", NB_OP_MODIFY, rmap);
 
-	assert(proto);
-	assert(rmap);
+	if (vty->node == CONFIG_NODE)
+		return nb_cli_apply_changes(
+			vty,
+			"/frr-vrf:lib/vrf[name='%s']/frr-zebra:zebra/filter-protocol[afi-safi='%s'][protocol='%s']",
+			VRF_DEFAULT_NAME,
+			yang_afi_safi_value2identity(AFI_IP, SAFI_UNICAST),
+			proto);
 
-	ZEBRA_DECLVAR_CONTEXT_VRF(vrf, zvrf);
-
-	if (!zvrf)
-		return CMD_WARNING;
-
-	if (strcasecmp(proto, "any") == 0)
-		rtype = ZEBRA_ROUTE_MAX;
-	else
-		rtype = proto_name2num(proto);
-	if (rtype < 0) {
-		vty_out(vty, "invalid protocol name \"%s\"\n", proto);
-		return CMD_WARNING_CONFIG_FAILED;
-	}
-
-	ret = ip_protocol_rm_add(zvrf, rmap, rtype, AFI_IP, SAFI_UNICAST);
-
-	return ret;
+	return nb_cli_apply_changes(
+		vty,
+		"./frr-zebra:zebra/filter-protocol[afi-safi='%s'][protocol='%s']",
+		yang_afi_safi_value2identity(AFI_IP, SAFI_UNICAST), proto);
 }
 
 DEFPY_YANG (no_ip_protocol,
@@ -712,27 +705,20 @@ DEFPY_YANG (no_ip_protocol,
        "Specify route-map\n"
        "Route map name\n")
 {
-	int ret, rtype;
+	nb_cli_enqueue_change(vty, ".", NB_OP_DESTROY, NULL);
 
-	assert(proto);
+	if (vty->node == CONFIG_NODE)
+		return nb_cli_apply_changes(
+			vty,
+			"/frr-vrf:lib/vrf[name='%s']/frr-zebra:zebra/filter-protocol[afi-safi='%s'][protocol='%s']",
+			VRF_DEFAULT_NAME,
+			yang_afi_safi_value2identity(AFI_IP, SAFI_UNICAST),
+			proto);
 
-	ZEBRA_DECLVAR_CONTEXT_VRF(vrf, zvrf);
-
-	if (!zvrf)
-		return CMD_WARNING;
-
-	if (strcasecmp(proto, "any") == 0)
-		rtype = ZEBRA_ROUTE_MAX;
-	else
-		rtype = proto_name2num(proto);
-	if (rtype < 0) {
-		vty_out(vty, "invalid protocol name \"%s\"\n", proto);
-		return CMD_WARNING_CONFIG_FAILED;
-	}
-
-	ret = ip_protocol_rm_del(zvrf, rmap, rtype, AFI_IP, SAFI_UNICAST);
-
-	return ret;
+	return nb_cli_apply_changes(
+		vty,
+		"./frr-zebra:zebra/filter-protocol[afi-safi='%s'][protocol='%s']",
+		yang_afi_safi_value2identity(AFI_IP, SAFI_UNICAST), proto);
 }
 
 DEFPY_YANG (show_ip_protocol,
@@ -758,28 +744,21 @@ DEFPY_YANG (ipv6_protocol,
        "Specify route-map\n"
        "Route map name\n")
 {
-	int ret, rtype;
+	nb_cli_enqueue_change(vty, ".", NB_OP_CREATE, NULL);
+	nb_cli_enqueue_change(vty, "./route-map", NB_OP_MODIFY, rmap);
 
-	assert(rmap);
-	assert(proto);
+	if (vty->node == CONFIG_NODE)
+		return nb_cli_apply_changes(
+			vty,
+			"/frr-vrf:lib/vrf[name='%s']/frr-zebra:zebra/filter-protocol[afi-safi='%s'][protocol='%s']",
+			VRF_DEFAULT_NAME,
+			yang_afi_safi_value2identity(AFI_IP6, SAFI_UNICAST),
+			proto);
 
-	ZEBRA_DECLVAR_CONTEXT_VRF(vrf, zvrf);
-
-	if (!zvrf)
-		return CMD_WARNING;
-
-	if (strcasecmp(proto, "any") == 0)
-		rtype = ZEBRA_ROUTE_MAX;
-	else
-		rtype = proto_name2num(proto);
-	if (rtype < 0) {
-		vty_out(vty, "invalid protocol name \"%s\"\n", proto);
-		return CMD_WARNING_CONFIG_FAILED;
-	}
-
-	ret = ip_protocol_rm_add(zvrf, rmap, rtype, AFI_IP6, SAFI_UNICAST);
-
-	return ret;
+	return nb_cli_apply_changes(
+		vty,
+		"./frr-zebra:zebra/filter-protocol[afi-safi='%s'][protocol='%s']",
+		yang_afi_safi_value2identity(AFI_IP6, SAFI_UNICAST), proto);
 }
 
 DEFPY_YANG (no_ipv6_protocol,
@@ -793,27 +772,20 @@ DEFPY_YANG (no_ipv6_protocol,
        "Specify route-map\n"
        "Route map name\n")
 {
-	int ret, rtype;
+	nb_cli_enqueue_change(vty, ".", NB_OP_DESTROY, NULL);
 
-	assert(proto);
+	if (vty->node == CONFIG_NODE)
+		return nb_cli_apply_changes(
+			vty,
+			"/frr-vrf:lib/vrf[name='%s']/frr-zebra:zebra/filter-protocol[afi-safi='%s'][protocol='%s']",
+			VRF_DEFAULT_NAME,
+			yang_afi_safi_value2identity(AFI_IP6, SAFI_UNICAST),
+			proto);
 
-	ZEBRA_DECLVAR_CONTEXT_VRF(vrf, zvrf);
-
-	if (!zvrf)
-		return CMD_WARNING;
-
-	if (strcasecmp(proto, "any") == 0)
-		rtype = ZEBRA_ROUTE_MAX;
-	else
-		rtype = proto_name2num(proto);
-	if (rtype < 0) {
-		vty_out(vty, "invalid protocol name \"%s\"\n", proto);
-		return CMD_WARNING_CONFIG_FAILED;
-	}
-
-	ret = ip_protocol_rm_del(zvrf, rmap, rtype, AFI_IP6, SAFI_UNICAST);
-
-	return ret;
+	return nb_cli_apply_changes(
+		vty,
+		"./frr-zebra:zebra/filter-protocol[afi-safi='%s'][protocol='%s']",
+		yang_afi_safi_value2identity(AFI_IP6, SAFI_UNICAST), proto);
 }
 
 DEFPY_YANG (show_ipv6_protocol,
diff --git a/zebra/zebra_routemap.h b/zebra/zebra_routemap.h
index fceb53c841..018e874ddd 100644
--- a/zebra/zebra_routemap.h
+++ b/zebra/zebra_routemap.h
@@ -35,6 +35,11 @@ extern route_map_result_t zebra_nht_route_map_check(afi_t afi, int client_proto,
 						    struct route_entry *re,
 						    struct nexthop *nexthop);
 
+extern int ip_protocol_rm_add(struct zebra_vrf *zvrf, const char *rmap,
+			      int rtype, afi_t afi, safi_t safi);
+extern int ip_protocol_rm_del(struct zebra_vrf *zvrf, const char *rmap,
+			      int rtype, afi_t afi, safi_t safi);
+
 extern void zebra_routemap_vrf_delete(struct zebra_vrf *zvrf);
 
 #ifdef __cplusplus