
When a user requests a web page, e.g. www.example.com/about-us/history.html, the server will send them an HTML file. The HTML file will contain elements that subsequently generate many more HTTP requests back to the server, e.g.

  • <script src="./js/app.js"></script>
  • <link rel="stylesheet" type="text/css" href="theme.css">
  • <img src="smiley.gif" alt="Smiley face" height="42" width="42">

Are these subsequent requests categorised by iptables as

  • ESTABLISHED
  • NEW
  • RELATED

?

the_velour_fog
1 Answer

It will depend on the keepalive status of the connection, and whether they are using SPDY or not.

When you first connect to the website you'll send a NEW packet; once connected, all packets will be ESTABLISHED.

With HTTP 1.0 it used to be the case that every resource required a new TCP connection, so in that case you'd see a new connection starting with a NEW packet for each resource.

However, HTTP 1.1 will reuse connections for later resources, so it keeps the connection open and simply puts the next HTTP request down the same connection. In that case you'll see an ESTABLISHED packet. But because you can only load resources one at a time in HTTP 1.1, most browsers use multiple simultaneous connections, each one opened with a NEW packet.

SPDY, which is looking like it will form the basis of HTTP2, can multiplex down a single connection, so in that case you'll be able to load all your resources simultaneously down a single TCP connection, hence just one NEW packet to start the connection.

You'll never need to worry about RELATED packets, they are for protocols like FTP which use multiple TCP connections in a coordinated way. HTTP connections don't have to be aware of each other and so don't need to be recognised as related by the firewall.
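To make the three cases in the answer concrete, here is an added example (not part of the question or the answer) that models how conntrack classifies the packets of a page load: a state table keyed on the TCP 5-tuple, where the first packet of a tuple is NEW and every later packet on that tuple in either direction is ESTABLISHED. The packet traces, the server and client addresses, the client port numbers and the "browser opens two parallel HTTP/1.1 connections" figure are all constructed here for illustration; they are not captured traffic.

```python
"""Toy model of iptables/conntrack state for an HTTP page load.

Added example, not from the original post.  Traces are constructed to
mirror the answer's three cases: HTTP/1.0 (one TCP connection per
resource), HTTP/1.1 keep-alive with a pool of parallel connections, and a
SPDY/HTTP2-style multiplexed single connection.
"""
from collections import Counter
from itertools import zip_longest

SERVER_IP, SERVER_PORT = "203.0.113.5", 80   # assumed server address (RFC 5737 range)
CLIENT_IP = "192.0.2.10"                     # assumed client address (RFC 5737 range)

# The page from the question plus the three resources its HTML pulls in.
RESOURCES = ["/about-us/history.html", "/js/app.js", "/theme.css", "/smiley.gif"]


def classify(packets):
    """Return [(state, packet), ...] for a packet list in arrival order.

    Mirrors the conntrack rule that matters for plain TCP: the first packet
    seen for a 5-tuple (the SYN) is NEW, anything later on that tuple, in
    either direction, is ESTABLISHED.  RELATED is never produced because it
    needs a protocol helper (e.g. nf_conntrack_ftp) that reads a control
    channel and pre-registers an expected second connection; no such helper
    exists for HTTP, so HTTP connections are independent of each other.
    """
    table = set()
    out = []
    for pkt in packets:
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"], "tcp")
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"], "tcp")
        if fwd in table or rev in table:
            state = "ESTABLISHED"
        else:
            table.add(fwd)
            state = "NEW"
        out.append((state, pkt))
    return out


def _connection(sport, paths):
    """One TCP connection from CLIENT_IP:sport carrying `paths` in sequence:
    SYN, then a request/response pair per path, then FIN."""
    c2s = dict(src=CLIENT_IP, sport=sport, dst=SERVER_IP, dport=SERVER_PORT)
    s2c = dict(src=SERVER_IP, sport=SERVER_PORT, dst=CLIENT_IP, dport=sport)
    pkts = [dict(c2s, note="SYN")]
    for path in paths:
        pkts.append(dict(c2s, note="GET " + path))
        pkts.append(dict(s2c, note="200 OK " + path))
    pkts.append(dict(c2s, note="FIN"))
    return pkts


def _interleave(connections):
    """Merge several connections' packets round-robin, as concurrent
    connections would appear on the wire."""
    out = []
    for step in zip_longest(*connections):
        out.extend(p for p in step if p is not None)
    return out


def trace_http10():
    """HTTP/1.0 without keep-alive: a fresh TCP connection per resource."""
    return _interleave([_connection(40000 + i, [p]) for i, p in enumerate(RESOURCES)])


def trace_http11(parallel=2):
    """HTTP/1.1 keep-alive: requests are serialised on each connection, so the
    browser opens `parallel` connections and spreads the resources over them.
    The value 2 is an assumption for illustration."""
    queues = [RESOURCES[i::parallel] for i in range(parallel)]
    return _interleave([_connection(41000 + i, q) for i, q in enumerate(queues)])


def trace_http2():
    """SPDY / HTTP2: every resource multiplexed down one TCP connection."""
    return _connection(42000, RESOURCES)


def count_states(packets):
    """Count how many packets of a trace fall into each conntrack state."""
    return Counter(state for state, _ in classify(packets))


if __name__ == "__main__":
    for name, trace in [("HTTP/1.0", trace_http10()),
                        ("HTTP/1.1", trace_http11()),
                        ("HTTP/2", trace_http2())]:
        print(name, dict(count_states(trace)))
```

Run as a script it prints the per-version counts: four NEW packets for HTTP/1.0, one per parallel connection for HTTP/1.1, and a single NEW packet for the multiplexed case, with RELATED absent in every trace. This is why the usual stateful ruleset accepts `--ctstate ESTABLISHED,RELATED` unconditionally and only inspects NEW packets against the allowed destination ports: for a web server, every request after the handshake arrives as ESTABLISHED and never needs its own rule.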