Originally Posted by unclecameron
But if they come back in on port 80, my rule would've allowed that. Is Yum set up by default to use port 80 or 20/21? BTW, your suggestion works, so thanks!
No, your rule would not allow that. Your rule in the INPUT chain allows connections that are coming to a web server on that box.
When you connect to a yum server outside, your outbound packets are going out over the OUTPUT chain with a --dport 80 and a high --sport, which is a random port selected by the OS.
Connections coming back from the outside yum server will have --sport 80 and --dport the high port that was selected when the outbound connection was initiated.
If you allow anything with --sport 80 into your machine, that is a problem, because I can then initiate my connections from port 80 and get to you. This is the reason we choose to use ESTABLISHED,RELATED: this uses the kernel's connection tracking to make sure that the connection is a reply to a packet that was sent by your machine, not a new connection coming in.
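Added example, not code from this thread: a minimal stateful INPUT policy of the kind the reply describes, with the source-port rule it warns against kept only for contrast. It assumes the box also serves web on port 80 (WEB_PORT) and that iptables with the conntrack match is installed.

```shell
#!/bin/sh
# Added example, not from the original thread. IPT defaults to the real
# iptables binary; set IPT="echo iptables" to print the commands instead.
IPT="${IPT:-iptables}"
WEB_PORT="${WEB_PORT:-80}"   # assumed: this host also runs a web server

# The rule the reply warns against: it trusts the remote source port, and any
# client can bind to port 80, so unsolicited NEW connections get in.
# Returned as text for comparison only; apply_rules never installs it.
sport_trust_rule() {
    echo "$IPT -A INPUT -p tcp --sport 80 -j ACCEPT"
}

apply_rules() {
    # Default-deny INPUT, then rebuild the chain from scratch.
    $IPT -P INPUT DROP
    $IPT -F INPUT
    # Loopback is local traffic that many daemons depend on.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (yum's HTTP/FTP fetches included):
    # conntrack saw the outbound packet, so the returning --sport 80 traffic is
    # accepted here without trusting the source port itself.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # For FTP mirrors, RELATED covers the data channel only when the
    # nf_conntrack_ftp helper module is loaded.
    # Packets with no tracked connection or broken flags are dropped.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # The one place NEW inbound connections are allowed: the local web server.
    $IPT -A INPUT -p tcp --dport "$WEB_PORT" -m conntrack --ctstate NEW -j ACCEPT
}

# Usage (as root): sh stateful-input.sh apply
# Preview without touching the firewall: IPT="echo iptables" sh stateful-input.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```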