What are reflective access-lists?

Reflective access-lists allow the router to pass "established" TCP traffic that has been previously allowed via another ACL. Because routers do not (by default) have a state table, this ensures that you do not have to create additional access-list entries to allow the return traffic of a permitted TCP session.

(config)# ip access-list extended INTERNET_FILTER
(config-ext-nacl)# permit tcp any any established
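
How the established keyword in the entry above decides what counts as return traffic, as an added example that is not part of the original page: IOS matches it on the TCP header flags (ACK or RST set), not on a tracked session. The Packet class, the function names and the sample packets are constructed for illustration.

```python
# Added example: a model of how "permit tcp any any established" is matched.
# Assumption stated in the lead-in: the keyword is a per-packet flag test
# (ACK or RST set). All names and sample packets here are constructed.
from dataclasses import dataclass

ACK, RST, SYN, PSH = "ACK", "RST", "SYN", "PSH"


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp", ...
    flags: frozenset = frozenset()  # TCP flags set in the header


def matches_established(pkt):
    """True if the packet matches 'permit tcp any any established'."""
    return pkt.proto == "tcp" and bool(pkt.flags & {ACK, RST})


def internet_filter(pkt):
    """Evaluate the one-entry INTERNET_FILTER ACL, then the implicit deny."""
    if matches_established(pkt):
        return "permit"
    return "deny"  # every ACL ends with an implicit "deny ip any any"


# Constructed packets as they would arrive on the filtered interface.
SAMPLES = {
    "new inbound connection (SYN only)": Packet("tcp", frozenset({SYN})),
    "reply to an inside client (SYN+ACK)": Packet("tcp", frozenset({SYN, ACK})),
    "data in an open session (PSH+ACK)": Packet("tcp", frozenset({PSH, ACK})),
    "reset from the remote host (RST)": Packet("tcp", frozenset({RST})),
    "DNS reply over UDP": Packet("udp"),
}


def evaluate_samples():
    """Return {description: 'permit' | 'deny'} for every sample packet."""
    return {name: internet_filter(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{verdict:6}  {name}")
```

The UDP reply is denied because the entry covers TCP only, and the match is made per packet, so the ACL itself cannot tell whether a session really exists behind a segment that carries ACK or RST.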