Bridging Firewall

I have a bridging firewall setup (no NAT/MASQ). My iptables rules are working, but something is a little off. I allow connections to the internet and DNS, with all ESTABLISHED,RELATED connections accepted, but for some reason my default policies (all of them are DROP) are not working. I can access my webserver from outside the firewall and I should not be able to. Here's what I have.

sub1="x.x.x.0/23"

### Flush tables
iptables -F
iptables -X
iptables -Z

### Policies
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

### Loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

### DNS
iptables -A FORWARD -m state --state NEW -s $sub1 -p UDP --dport 53 -j ACCEPT

### HTTP
iptables -A FORWARD -m state --state NEW -s $sub1 -p TCP -m multiport --dport 80,443 -j ACCEPT
## To block access to the webserver that's sitting behind the firewall I have to add this to this
## script; if I don't, I can get to the webserver.
#iptables -A FORWARD -p TCP -d $sub1 --dport 80 -j DROP

### Accept established connections
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
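For comparison, here is the same bridging policy written as an added example (not the poster's script, and not a diagnosis of the problem above) so that each direction is explicit: new connections are only accepted when they arrive on the inside bridge port, INVALID packets are dropped before any ACCEPT rule, and a rate-limited LOG rule sits just before the FORWARD policy so the counters and kernel log show which rule a packet actually hit. Assumed: the bridge ports are eth0 (outside) and eth1 (inside), and sub1 is a constructed placeholder subnet.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumptions: br0 bridges eth0 (outside) and eth1 (inside); sub1 is a constructed value.
IPT="${IPT:-iptables}"   # set IPT=echo to print the rules instead of loading them
sub1="192.0.2.0/23"      # constructed placeholder; replace with the real inside subnet
OUT_IF="eth0"            # bridge port facing the internet
IN_IF="eth1"             # bridge port facing the protected subnet

gen_rules() {
    $IPT -F; $IPT -X; $IPT -Z
    $IPT -P INPUT DROP; $IPT -P OUTPUT DROP; $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Drop what conntrack cannot classify before any ACCEPT rule sees it.
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New connections are accepted only when they enter on the inside bridge
    # port AND carry an inside source address; physdev ties the rule to the port.
    $IPT -A FORWARD -m physdev --physdev-in "$IN_IF" -s "$sub1" \
        -m conntrack --ctstate NEW -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -m physdev --physdev-in "$IN_IF" -s "$sub1" \
        -m conntrack --ctstate NEW -p tcp -m multiport --dports 80,443 -j ACCEPT

    # Anything that reaches the end is logged (rate-limited), then hits policy DROP.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Bridged frames only traverse the iptables FORWARD chain when this sysctl is 1.
check_bridge_nf() {
    sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null || echo "unknown"
}

# Dry run in a subshell: prints the rules instead of loading them, for review.
count_forward_rules() {
    (IPT=echo; gen_rules) | grep -c '^-A FORWARD'
}
```

After loading, `iptables -L FORWARD -v -n` shows per-rule packet counters, so an outside-to-webserver attempt can be traced to the exact rule that accepted or logged it.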


