[j-nsp] i suck at bgp import policy - help?
ryanL
ryan.landry at gmail.com
Sat Jan 19 18:30:32 EST 2013
hi. i am certainly doing something wrong.
on a bgp neighbor i have the following policy:
import ALL-TRANSIT-IN;
i've reduced it to basics, which says:
    term DENY-BASICS {
        from policy DEFAULT-ROUTE;
        then reject;
    }
    term GENERAL-ACCEPT {
        then {
            local-preference 200;
            community set COMM-TRANSIT;
            accept;
        }
    }
where policy DEFAULT-ROUTE is:
    from {
        route-filter 0.0.0.0/0 exact;
    }
    then accept;
accept AND reject = reject, right? i performed a no-term basic test
for a reject AND reject, which accepted all routes, so i'm pretty sure
my head isn't too far up my...
anyways, the above policies unfortunately result in all routes being
received, but not accepted.
Peer       AS         InPkt   OutPkt  OutQ  Flaps  Last Up/Dwn  State|#Active/Received/Accepted/Damped...
<removed>  <removed>  163888  184     0     0      1:15:38      0/431093/0/0 0/0/0/0
if i remove the DENY-BASICS term, all routes go active and get stamped
with my community and local-pref value.
i've tried other DENY related terms, such as filtering out long
as-paths, or just RFC1918, or even just spoofs of my own netblock.
normal stuff. routes stay hidden due to:
State: <Hidden Ext>
Inactive reason: Unusable path
so, what am i screwing up on here? this is on 12.2R2.4. i'm
effectively trying to follow the cymru secure junos bgp template,
among others.
thanks.
ryan