Reflective access-lists allows the router to pass “established” tcp traffic that has been previously allowed via another ACL. Due to routers to not having (by default) a state table, this ensures that you do not have to create additional access list entries to allow the return traffic of a permitted tcp session.
(config)# ip access-list extended INTERNET_FILTER
(config-ext-nacl)# permit tcp any any established
Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.
Latest posts by Rick Donato (see all)
- NETCONF & YANG: Automate Network Configs via Python - April 2, 2026
- Palo Alto – How to Configure Your Next-Generation Firewall - April 2, 2026
- How to Harden Linux SSH: Keys, Fail2ban & Ciphers - March 1, 2026
Want to become a networking expert ?
Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
Delta Practice Tests