Some detail on why I think you've picked a bad example:
All chains default to accept - Why oh why oh why? Basic security policy is deny unless accepted so set default to drop or reject and only accept on your chosen specific criteria.
Drop by default.
Are you routing or bridging or something? If not, Forward needs no rules and there's no need for the RH-Firewall chains.
Drop by default to leave port scans and unwanted connection attempts to time out.
Packets from established connections only are accepted so:
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
is all that's needed because everything else is dropped by default, super simple.
Reject by default to give a quick refusal to your client software.
You say you only want HTTP, so accept TCP connections to port 80 (and 443 for HTTPS, I guess) and hope no one ever needs to get to an HTTP server that's running on a non-standard port.
And DNS on 53.
The problem with output restrictions is that they can be problematic for legitimate users and only an annoyance to a determined attacker, who will simply run whatever he wants over the ports you are permitting to a server he controls. You need an HTTP proxy and internal DNS service to block those holes.
Rusty's HOW-TO is recommended reading:
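
An added example, not part of the original post: a small Python check that reads `iptables-save` output and reports any filter chain that does not deny by default, or an INPUT chain with no rule accepting ESTABLISHED traffic. Both dumps are constructed; the hardened one follows the post's description, with the multiport match and the UDP/TCP split for DNS as assumptions.

```python
import re

# Constructed iptables-save dump: the policy described in the post above.
# Built-in chain policies can only be ACCEPT or DROP, so "reject by default"
# on OUTPUT is a trailing catch-all REJECT rule, not a policy.
HARDENED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
# Constructed dump: every chain left at ACCEPT, no rules.
WEAK = "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n"

def audit(dump):
    """Return findings for the filter table of an iptables-save dump."""
    table, policy, rules = None, {}, {}
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "filter" and line.startswith(":"):
            chain, target = line[1:].split()[:2]
            policy[chain], rules[chain] = target, []
        elif table == "filter" and line.startswith("-A "):
            rules.setdefault(line.split()[1], []).append(line)
    findings = []
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        last = (rules.get(chain) or [""])[-1]
        # Deny by default = DROP policy, or an unconditional DROP/REJECT as the last rule.
        catch_all = re.fullmatch(rf"-A {chain} -j (DROP|REJECT)( --reject-with \S+)?", last)
        if policy.get(chain) != "DROP" and not catch_all:
            findings.append(f"{chain}: accepts by default")
    stateful = re.compile(r"--(ct)?state \S*ESTABLISHED\S* -j ACCEPT")
    if not any(stateful.search(r) for r in rules.get("INPUT", [])):
        findings.append("INPUT: no rule accepting ESTABLISHED traffic")
    return findings

if __name__ == "__main__":
    for name, dump in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit(dump) or "ok")
```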