What are reflective access-lists?
Reflective access-lists allow the router to pass "established" TCP traffic that has been previously allowed via another ACL. Because routers do not (by default) have a state table, this ensures that you do not have to create additional access-list entries to allow the return traffic of a permitted TCP session.
(config)# ip access-list extended INTERNET_FILTER
(config-ext-nacl)# permit tcp any any established
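The following is an added example, not part of the original page or of any Cisco code: a small Python model of what the `established` entry above checks on each inbound segment, next to a per-session table of the kind the router lacks by default. It assumes the IOS behaviour that `established` matches any TCP segment with the ACK or RST bit set; the class and function names and the sample traffic are constructed for illustration.

```python
from dataclasses import dataclass

ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP header flag bits

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def established_permits(seg: Segment) -> bool:
    """Model of 'permit tcp any any established': a flag test, no session lookup."""
    return bool(seg.flags & (ACK | RST))

class SessionTable:
    """Hypothetical model of per-session tracking driven by outbound traffic."""
    def __init__(self):
        self.entries = set()

    def record_outbound(self, seg: Segment) -> None:
        # Store the tuple the return traffic will carry (source and destination swapped).
        self.entries.add((seg.dst, seg.dport, seg.src, seg.sport))

    def permits_inbound(self, seg: Segment) -> bool:
        return (seg.src, seg.sport, seg.dst, seg.dport) in self.entries

def evaluate(inbound, outbound_seen):
    """Return (flag_match, session_match) for each inbound segment."""
    table = SessionTable()
    for seg in outbound_seen:
        table.record_outbound(seg)
    return [(established_permits(s), table.permits_inbound(s)) for s in inbound]

# Constructed sample traffic using documentation address ranges.
OUT_SYN = Segment("192.0.2.10", 50000, "198.51.100.5", 443, SYN)
REPLY = Segment("198.51.100.5", 443, "192.0.2.10", 50000, SYN | ACK)
NEW_SYN = Segment("203.0.113.7", 40000, "192.0.2.10", 22, SYN)
UNSOLICITED_ACK = Segment("203.0.113.7", 40000, "192.0.2.10", 22, ACK)

if __name__ == "__main__":
    inbound = [REPLY, NEW_SYN, UNSOLICITED_ACK]
    for seg, (flag_match, session_match) in zip(inbound, evaluate(inbound, [OUT_SYN])):
        print(f"{seg.src}:{seg.sport} -> {seg.dst}:{seg.dport} flags={seg.flags:#04x} "
              f"established={flag_match} session_table={session_match}")
```

The last segment is the case to review when auditing a filter built on this entry: the flag test permits it although no outbound session was recorded for that address pair.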