运行 iptables 脚本时无法访问网站！

我编写了保护我的机器的脚本：

#!/bin/bash

ssh=1.1.1.1
http='1.1.1.1 2.2.2.2'

# Clear any previous rules.
iptables -F

# Default drop policy.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#iptables -A INPUT  -p tcp -m state --state NEW,ESTABLISHED     -j ACCEPT
#iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

iptables -N SSH_CHECK
iptables -N HTTP_CHECK
iptables -A INPUT -p tcp --dport 22 -j SSH_CHECK
iptables -A INPUT -p tcp --dport 80 -j HTTP_CHECK
iptables -A INPUT -p tcp --dport 443 -j HTTP_CHECK

iptables -A SSH_CHECK -s $ssh -j ACCEPT -m comment --comment "Allowing $ssh to ssh from his IP"
for web in $http; do
    iptables -A HTTP_CHECK -s $web -j ACCEPT -m comment --comment "Allowing $web to visit my HTTP/S server"
done

#Allowing http[s] from inside to outside
iptables -A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --sport 80,443 -m state --state ESTABLISHED -j ACCEPT

#Allow ssh from inside to outside
iptables -A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

#Allow working on localhost
iptables -A INPUT -i lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

#Allow ping from inside to outside
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

的输出iptables -L -v是：

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SSH_CHECK  tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
    0     0 HTTP_CHECK  tcp  --  any    any     anywhere             anywhere             tcp dpt:http
    0     0 HTTP_CHECK  tcp  --  any    any     anywhere             anywhere             tcp dpt:https
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere             multiport sports http,https state ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere             tcp spt:ssh state ESTABLISHED
    0     0 ACCEPT     all  --  lo     any     localhost            localhost           
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-reply

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  any    eth0    anywhere             anywhere             multiport dports http,https state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    eth0    anywhere             anywhere             tcp dpt:ssh state NEW,ESTABLISHED
    0     0 ACCEPT     all  --  any    lo      localhost            localhost           
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request

Chain HTTP_CHECK (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     1.1.1.1              anywhere             /* Allowing 1.1.1.1 to visit my HTTP/S server */
    0     0 ACCEPT     all  --  any    any     2.2.2.2              anywhere             /* Allowing 2.2.2.2 to visit my HTTP/S server */

Chain SSH_CHECK (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     1.1.1.1              anywhere             /* Allowing 1.1.1.1 to ssh from his IP */

1) 我想使用此策略打开网站，但不能。为什么？我该如何修复它？ 2）当我在脚本中取消注释时，这些规则是什么？

#iptables -A INPUT  -p tcp -m state --state NEW,ESTABLISHED     -j ACCEPT
#iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP