The only network prefix we're really interested in is the one with the longest prefix (1.2.3.0/24). Therefore, we can craft an alert rule that excludes prefixes 1.0.0.0/8 and 1.2.0.0/16 from alerting. To do so, I would create the alert with the following criteria. Note the selection of the second metric and operator.