An example of a flow is a TCP connection. A flow is a set of related packets that form part of a conversation. UDP based application layer protocols can be examples of flows where many packets share the same source and destination addresses. In IPv6 there is a header field that is supposed to identify particular flows. However when the standard was released, the suggested correct usage of the flow field was very poorly defined so it has never been used much. There has been some guidance since then. One suggestion is to take source and destination address and ports, if TCP, and the IP protocol number, then take that 5-tuple and hash it all down to n bits, and the result would be your flow id. In the case of the IPv6 flow header iirc n is 20 bits, and if the result is zero then we make it 1, as zero means ‘unused’. Supposedly routers could possibly use this flow id to help with the routing process.
However routers and firewalls might have a firewall id that is any number of bits wide; it could be an index into a table, or an address. Just comparing two calculated or explicitly declared flow ids to see if two packets belong to the same flow (conversation) would be quicker than comparing all the address and port fields (if TCP), and if it’s the same flow then the latest packet would suffer the same fate as the previous one, being blocked or let through, or NATed.
It’s been a long time since I thought about this so I hope that my memory has not failed me.