We have three sites connected to each other over MPLS network through BGP protocol with various routes advertised. If a fourth site were to be added, how can I restrict the routes advertised by the other three sites in a way that only specific routes gets advertised to the fourth site. Some kind of a BGP filter etc...
This Link has enough information on how to filter routes per neighbor :-
if you are administering the router on the new site, the easiest way is to filter prefixes incoming from the MPLS backbone (route-map using match on ip addresses, AS numbers, etc.).
If you are not administering the new site router and can't trust 100% the administrator, you might ask your MPLS provider to provide you multiple MPLS VPNs and play with route targets to deliver only the necessary prefixes to the new site.
But it really depends on your particular possibilities and goals.
it's quite a challenge, I'm afraid.
If you are not able to configure routers on the remote site, the easiest way would be asking your provider to filter the prefixes sent to them.
If you want to do it all yourself from the Head Office, there might be a possiblity to "poison" the prefixes you want the Branch Office in AS 65011 to refuse, e.g., by prepending 65011 65010 when sent to the backbone.
But it's a little tricky and dangerous potentially.