The "established" keyword in some Cisco IOS software allowed an malicious user to bypass filtering.
cisco ios 11.2