Ingress ACL rules typically permit a specific type of internally originated connection to outside resources.


Multiple Choice

Ingress ACL rules typically permit a specific type of internally originated connection to outside resources.

Explanation:
Ingress ACLs are evaluated as traffic enters a device from a peer network and are typically used to control inbound traffic from outside to inside. They aren’t the mechanism that allows internal hosts to reach external resources. That kind of traffic is managed by egress ACLs, which filter traffic as it leaves toward external networks. So the statement isn’t accurate: the typical control for internal-to-external connections lies with outbound (egress) ACLs, not ingress. In practice, to permit internal hosts to access the Internet, you’d configure the outbound path to allow the desired destinations and ports (often alongside NAT); ingress rules would address inbound traffic from the outside, not the outbound flow.

