Cisco Context-Based Access Control (CBAC)
Cisco Context-Based Access Control (CBAC) is a component of the Cisco IOS Firewall feature set
CBAC is essentially a firewall for Cisco IOS routers that offers some more features than a simple access-list. CBAC is able to inspect up to layer 7 of the OSI model and can dynamically create rules to allow return traffic. It is similar to a reflexive access-list but one of the key differences is that reflexive Access-List (ACL)s only inspect up to layer 4.
The purpose of CBAC is to enable security features on an already existing Cisco IOS device, without the need to purchase a separate purpose-built firewall. It is a feature of convenience and should be used sparingly and only in low-risk situations, such as a small office with no mission-critical network services or data.
CBAC is sometimes called a Transparent IOS firewall
For proper security, a separate purpose-built firewall should be used.
Links
https://forum.networklessons.com/t/cisco-cbac-configuration-example/1079/20?u=lagapides
https://www.ciscopress.com/articles/article.asp?p=26533
https://networklessons.com/cisco/ccie-enterprise-infrastructure/cisco-cbac-configuration-example/