A match will now occur only if the TCP datagram has the ACK or the RST bit set.
The established keyword works only for TCP, not UDP, because UDP has no flags to test.
Consider the following situation: You do not want hackers exploiting port 80 to access your network. Because you do not host a web server, it is possible to block incoming traffic on port 80, except that your internal users need web access. When they request a web page, the return traffic from the remote server, with source port 80, must be allowed in. The solution to this problem is the established keyword. The ACL will allow the response to enter your network, as it will have the ACK bit set as a result of the initial request from inside your network. Requests from the outside world will still be blocked, because the opening packet of a new connection does not have the ACK bit set, but responses will be allowed through.
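The scenario above, as an added example that is not part of the original text: a small Python model of the established check and of an inbound ACL that permits web replies while denying new connections to port 80. The IOS lines quoted in the comments are written for this example, and the sample packets are constructed, not captured traffic.

```python
# Added example (not from the original page): a Python model of how the
# "established" keyword matches, applied to the port 80 scenario above.
# The ACL lines in the comments are IOS syntax assumed for this example;
# the sample packets are constructed, not captured traffic.

# TCP flag bits as they appear in the TCP header flags field
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


def matches_established(proto, flags):
    """The 'established' test: TCP only, and the ACK or RST bit must be set."""
    if proto != "tcp":
        return False            # the keyword has no meaning for UDP or other protocols
    return bool(flags & (ACK | RST))


# Inbound ACL on the outside-facing interface, modelled as ordered rules.
# Equivalent IOS lines (assumed for this example):
#   access-list 101 permit tcp any eq 80 any established
#   access-list 101 deny   tcp any any eq 80
#   access-list 101 permit ip any any
# Each rule: (protocol or "ip", source port or None, destination port or None,
#             established required?, action)
INBOUND_ACL = [
    ("tcp", 80, None, True, "permit"),    # replies from outside web servers
    ("tcp", None, 80, False, "deny"),     # anyone trying to reach port 80 inside
    ("ip", None, None, False, "permit"),  # everything else
]


def evaluate(acl, pkt):
    """Return 'permit' or 'deny' for a packet; the first matching rule wins.
    pkt is a dict with keys proto, sport, dport and (for TCP) flags."""
    for proto, sport, dport, established, action in acl:
        if proto != "ip" and pkt["proto"] != proto:
            continue
        if sport is not None and pkt["sport"] != sport:
            continue
        if dport is not None and pkt["dport"] != dport:
            continue
        if established and not matches_established(pkt["proto"], pkt.get("flags", 0)):
            continue
        return action
    return "deny"   # implicit deny at the end of every IOS ACL


# Constructed sample packets arriving on the outside interface
REPLY_FROM_WEB_SERVER = {"proto": "tcp", "sport": 80, "dport": 51000, "flags": SYN | ACK}
RESET_FROM_WEB_SERVER = {"proto": "tcp", "sport": 80, "dport": 51000, "flags": RST}
NEW_REQUEST_TO_INSIDE = {"proto": "tcp", "sport": 40000, "dport": 80, "flags": SYN}
UDP_FROM_PORT_80 = {"proto": "udp", "sport": 80, "dport": 51000}


def run_scenario():
    """Evaluate each sample packet against the inbound ACL."""
    return {
        "reply": evaluate(INBOUND_ACL, REPLY_FROM_WEB_SERVER),
        "reset": evaluate(INBOUND_ACL, RESET_FROM_WEB_SERVER),
        "new_request": evaluate(INBOUND_ACL, NEW_REQUEST_TO_INSIDE),
        "udp": evaluate(INBOUND_ACL, UDP_FROM_PORT_80),
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:12s} -> {verdict}")
```

The reply and the reset are permitted, the inbound SYN to port 80 is denied, and the UDP packet is never evaluated by the established rule at all. The model also makes the keyword's limit visible: the router keeps no connection table, so the decision rests entirely on the flag bits of each packet, which is why stateful inspection is needed where a real connection-tracking check is required.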