-A OUTPUT -p tcp --sport 80 -j ACCEPT -m comment --comment "allow yum to get out to the internet over http"
The default is to DROP in all chains, and there are related/established rules set for both INPUT & OUTPUT. This rule works fine on CentOS 6 & 7 but not on 5. Any ideas why there might be a difference?
I cannot understand how that can possibly work on any version. It says that if a connection originates from port 80 then allow it. I do not believe that yum ever makes connections outbound from port 80. To port 80, yes, from port 80 no.
I suspect it's more likely that you have some other rule that is allowing the traffic. Running iptables -nvL would let you check the packet matching counts on the rules and see if that one has ever been hit.
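The counter check suggested in the answer, as an added example that is not part of the original thread: a shell function that reads an iptables -nvL OUTPUT listing and flags rules that have never matched, plus ACCEPT rules keyed on source port only. The listing is a constructed sample, and its dpt:80 rule is an assumed stand-in for the "other rule" the answer suspects; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an `iptables -nvL OUTPUT` listing for rules that never
# matched and for ACCEPT rules that match on source port only.

# Constructed sample listing (not taken from the poster's system).
# Rule 3 is an assumed example of another rule carrying the yum traffic.
sample_listing() {
cat <<'EOF'
Chain OUTPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340 41200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 /* allow yum to get out to the internet over http */
   25  1500 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
EOF
}

# Reads a listing on stdin; prints "<rule-number> <finding>" for each finding.
audit_output_rules() {
    awk '
        /^Chain / || $1 == "pkts" || NF == 0 { next }   # skip headers and blanks
        {
            n++
            # Packet counter of zero: the rule has never matched anything.
            if ($1 == "0")
                print n, "never-hit"
            # An outbound client connection has an ephemeral source port and
            # destination port 80, so a rule on spt: alone does not match it.
            if ($3 == "ACCEPT" && /spt:/ && !/dpt:/)
                print n, "source-port-only"
        }
    '
}

# On a live host (as root): iptables -nvL OUTPUT | audit_output_rules
if [ "${1:-}" = "--demo" ]; then
    sample_listing | audit_output_rules
fi
```

Large counters are abbreviated (K, M) in this listing unless -x is added, but a rule that has never matched shows 0 either way.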