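# Host firewall for a machine serving HTTP/HTTPS, SSH and an OpenVPN endpoint.
# Run as root. Only IPv4 is configured here: ip6tables is not touched, so
# these rules do not filter IPv6 traffic.

# Open the INPUT policy before flushing. If an earlier run left the policy at
# DROP, flushing first leaves an empty chain that drops everything, including
# the SSH session this is being typed into.
iptables -P INPUT ACCEPT
iptables -F

# Drop TCP packets whose flag combinations never occur in legitimate traffic
# (no flags set, all flags set), and "new" connections that do not start with
# a SYN.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# Loopback traffic is always allowed.
iptables -A INPUT -i lo -j ACCEPT

# Public services. Port 22 is accepted from any source address; where the
# administrative source addresses are known, narrow this rule with -s.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# Inserted (-I) rather than appended, so replies to existing connections are
# matched by the first rule in the chain.
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT

#openvpn virtual server (change 11.22.33.44 for your vpn IP )
# NOTE: this SNAT rule has no -s / -o match, so it rewrites the source address
# of every packet that traverses POSTROUTING, not only VPN client traffic.
# Consider limiting it, e.g. -s <VPN_CLIENT_SUBNET> -o <WAN_INTERFACE>.
# "iptables -F" above flushes only the filter table, so the nat rule survives
# re-runs; check for it first (-C) to avoid appending a duplicate each time.
# On iptables builds without -C the check fails and the rule is appended as
# before.
iptables -t nat -C POSTROUTING -j SNAT --to-source 11.22.33.44 2>/dev/null ||
  iptables -t nat -A POSTROUTING -j SNAT --to-source 11.22.33.44
iptables -A INPUT -p udp --dport 1194 -j ACCEPT

iptables -P OUTPUT ACCEPT
# Default-deny is set last, after the ACCEPT rules are in place.
# The FORWARD chain policy is left as it was; review it separately, since VPN
# client traffic is forwarded rather than delivered to INPUT.
iptables -P INPUT DROP

# Persist the running rule set to the file CentOS loads at boot.
iptables-save | sudo tee /etc/sysconfig/iptables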
Edit:
In CentOS the rules are stored in the file /etc/sysconfig/iptables. If you don't have it, you can create it simply by using iptables-save to dump the current rule set into a file:
# Run from a root shell: the redirection is performed by the calling shell, so
# that shell (not just iptables-save) needs write access to the file.
iptables-save > /etc/sysconfig/iptables
To load the file you don't need to restart the machine; you can use iptables-restore:
# Without --noflush, iptables-restore replaces the currently loaded rules of
# each table present in the file with the file's contents.
iptables-restore < /etc/sysconfig/iptables