Understanding/optimizing iptables for VPN/Proxy Server
This is the output of iptables-save on our CentOS 6 VPN/proxy servers. My question is: is there anything we can do to optimize these servers for both TCP and UDP connections? We run Dante SOCKS5 proxy connections that use TCP; when the Dante proxies are under high load, the OpenVPN service seems to crash.
We run Dante, OpenVPN, PPTP and L2TP on each server.
# Generated by iptables-save v1.4.7 on Wed Aug 21 06:23:09 2013
*nat
:PREROUTING ACCEPT [10581:686383]
:POSTROUTING ACCEPT [7:400]
:OUTPUT ACCEPT [2544:188735]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Aug 21 06:23:09 2013
# Generated by iptables-save v1.4.7 on Wed Aug 21 06:23:09 2013
*filter
:INPUT ACCEPT [1304465285:112626161732]
:FORWARD ACCEPT [3375699083:2335696928358]
:OUTPUT ACCEPT [39402000962:32075933415712]
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1701 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1701 -j ACCEPT
-A FORWARD -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 143 -j DROP
-A OUTPUT -p tcp -m tcp --dport 110 -j DROP
-A OUTPUT -p tcp -m tcp --dport 587 -j DROP
-A OUTPUT -p tcp -m tcp --dport 465 -j DROP
-A OUTPUT -p tcp -m tcp --dport 25 -j DROP
COMMIT
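As an added example that is not part of the original post: the script below regenerates the ruleset above in iptables-restore format with the same services, reordered so that the RELATED,ESTABLISHED shortcut is the first rule evaluated, the MASQUERADE rule is not repeated (the unqualified `-o eth0` rule already matches everything the two per-subnet rules would), and the BitTorrent string scan is limited to TCP instead of running over every forwarded packet. It also includes a small awk lint that reports those three costs in any existing iptables-save dump. Everything not stated in the question is an assumption and is labelled as such in the script: eth0 as the public interface, OpenVPN on UDP 1194 with `dev tun`, Dante on TCP 1080, SSH on TCP 22, and INPUT/FORWARD policies of DROP, which the original does not have (under its ACCEPT policies every ACCEPT rule listed is effectively a no-op, which is why OpenVPN and Dante needed no rule).

```shell
#!/bin/sh
# Added example (not from the original post): rebuild the question's ruleset
# in iptables-restore format, ordered so the conntrack shortcut is hit first
# and the per-packet string scan is confined to TCP, plus a lint that reports
# the same problems in an existing iptables-save dump.  Assumptions not
# stated on the page: public interface eth0, OpenVPN on "dev tun" and UDP
# 1194, Dante on TCP 1080, management SSH on TCP 22.  The tunnel subnets
# 10.8.0.0/24 and 10.9.0.0/24 come from the question.
WAN_IF=${WAN_IF:-eth0}
OPENVPN_PORT=${OPENVPN_PORT:-1194}   # assumption: OpenVPN default port
DANTE_PORT=${DANTE_PORT:-1080}       # assumption: Dante/SOCKS default port
SSH_PORT=${SSH_PORT:-22}             # assumption: keep management access

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# One unqualified MASQUERADE on $WAN_IF already covers 10.8.0.0/24 and
# 10.9.0.0/24; the two per-subnet rules in the original were never reached.
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Most packets belong to a known flow, so this rule ends the walk for them.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport $SSH_PORT -j ACCEPT
# PPTP: control channel plus GRE data.
-A INPUT -i $WAN_IF -p tcp --dport 1723 -j ACCEPT
-A INPUT -i $WAN_IF -p gre -j ACCEPT
# L2TP/IPsec: IKE, NAT-T, ESP for clients not behind NAT, then L2TP itself
# (the original accepts plain 1701 on UDP and TCP; kept as-is).
-A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT
-A INPUT -i $WAN_IF -p udp --dport 4500 -j ACCEPT
-A INPUT -i $WAN_IF -p esp -j ACCEPT
-A INPUT -i $WAN_IF -p udp --dport 1701 -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport 1701 -j ACCEPT
# OpenVPN and Dante (ports assumed, see above): under the original's ACCEPT
# policy they needed no rule, under a DROP policy they do.
-A INPUT -i $WAN_IF -p udp --dport $OPENVPN_PORT -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport $DANTE_PORT -j ACCEPT
# The string match must see every forwarded TCP segment to work, so it stays
# ahead of the conntrack shortcut; -p tcp keeps UDP, GRE and ESP out of the
# byte scan.  It is still the most expensive rule here: every forwarded TCP
# packet is searched up to 65535 bytes.
-A FORWARD -p tcp -m string --string "BitTorrent protocol" --algo bm --to 65535 -j DROP
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Tunnel clients may open connections outward; nothing unsolicited reaches
# them from $WAN_IF (the original's eth0 -> ppp+ ACCEPT allowed that).
-A FORWARD -i ppp+ -o $WAN_IF -j ACCEPT
-A FORWARD -i tun+ -o $WAN_IF -j ACCEPT
# Same outbound mail block as the original, collapsed into one rule.
-A OUTPUT -p tcp -m multiport --dports 25,110,143,465,587 -j DROP
COMMIT
EOF
}

# Read an iptables-save dump on stdin and report the three costs visible in
# the question's ruleset: INPUT rules walked before the RELATED,ESTABLISHED
# shortcut, overlapping MASQUERADE rules, and string matches not limited to
# a protocol.  Prints nothing when the dump is clean.
lint_dump() {
    awk '
    /^-A INPUT / && !seen { if ($0 ~ /RELATED,ESTABLISHED/) seen = 1; else before++ }
    /-j MASQUERADE/ { masq++ }
    /-m string / && $0 !~ /-p (tcp|udp)/ { untyped++ }
    END {
        if (before) printf "INPUT: %d rule(s) evaluated before the RELATED,ESTABLISHED shortcut\n", before
        if (masq > 1) printf "nat: %d MASQUERADE rules; check whether the broadest already covers the rest\n", masq
        if (untyped) printf "string: %d string match(es) scanning every protocol\n", untyped
    }'
}

case "${1:-}" in
    print) gen_rules ;;
    lint)  lint_dump ;;                      # usage: iptables-save | sh vpn-rules.sh lint
    apply) gen_rules | iptables-restore ;;   # from a console session, never over the link being filtered
esac
```

Run `sh vpn-rules.sh print` to inspect the generated file, `iptables-save | sh vpn-rules.sh lint` against the current dump (on the ruleset above it reports 2 INPUT rules ahead of the shortcut, 3 MASQUERADE rules and 1 untyped string match), and apply only from a console session, since the DROP policies lock out anything not listed. Two decisions the script leaves to you: whether proxy users and VPN users should get the same outbound mail policy (today only Dante's connections, which originate on the host, pass OUTPUT and hit the block, while VPN clients' traffic passes FORWARD and does not), and whether the string match is worth keeping at all. Rule ordering alone will not explain a crashing OpenVPN process; dmesg and the OpenVPN log will show the actual failure.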