Try this:
set firewall family inet filter eveo_in term allow_return-traffic from protocol tcp
set firewall family inet filter eveo_in term allow_return-traffic from tcp-established
set firewall family inet filter eveo_in term allow_return-traffic then accept
You could also use port instead of destination-port, but that may be vulnerable, since it will look at both source and destination port and either one match will allow the traffic.