The flow keyword is used in conjunction with TCP stream reassembly (see Section 2.2.2). It allows rules to only apply to certain directions of the traffic flow.
This allows rules to only apply to clients or servers. This allows packets related to $HOME_NET clients viewing web pages to be distinguished from servers running in the $HOME_NET.
The established keyword will replace the flags:+A used in many places to show established TCP connections.