I do not think there is a "best practice." In fact, "Operational
Entropy"(1) has a big factor with packet filtering ACLs on the
interconnect side of an SP. So you are not going to find a lot of packet
filtering on SP-SP links.
There are links and presentations you can refer to help build a iACL
(Infrastructure protecting ACL).
Whitepaper on Infrastructure ACLs (iACLs)
(principles in this one can be converted to any packet filter)
Team CYMRU's Secure Templates:
Next Gen Peering Architectures and Tools
(1) Operational Entropy is the process of natural decay that starts the
moment the policy gets applied. OPEX resources need to be allocated to
insure the entropy does not lead to operational consequence (i.e. the
decayed policy breaks things).