diff --git a/README.md b/README.md
index ac329cf..a510969 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-## OpenVPN-install
+# OpenVPN-install
 
 Secure OpenVPN installer for Debian, Ubuntu, CentOS and Arch Linux.
 This script will let you setup your own secure VPN server in just a few minutes.
@@ -46,7 +46,9 @@ The only drawback is that you need to use a recent version of OpenVPN, because s
 
 On the client-side, it's less problematic, but if you want to use an OpenVPN server installed with this script with an old client (\<2.3.3), it won't work. However I don't see why you would use an outdated client.
 
-**TL;DR**, this script is relatively secure, and you can just press enter in the setup.
+**TL;DR**, this script is relatively secure, and you can just press enter in the setup.
+
+**[A Pull Request](https://github.com/Angristan/OpenVPN-install/pull/96) is currently being worked on to implement the latest OpenVPN 2.4 features.**
 
 ## Compatibility
 
@@ -97,6 +99,7 @@ Here are the possibilities :
 - [OpenDNS](https://en.wikipedia.org/wiki/OpenDNS), not recommened but fast wordlwide (Anycast servers)
 - [Google Public DNS](https://en.wikipedia.org/wiki/Google_Public_DNS), not recommended, but fast worldwide (Anycast servers)
 - [Yandex Basic DNS](https://dns.yandex.com/), not recommended, but fast in Russia
+- [AdGuard DNS](https://github.com/AdguardTeam/AdguardDNS), located in Russia, blocks ads and trackers
 - Soon : local resolver :D
 
 Any other fast, trustable and neutral servers proposition is welcome.
diff --git a/openvpn-install.sh b/openvpn-install.sh
index 2844c8c..4635177 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -23,7 +23,7 @@ if [[ -e /etc/debian_version ]]; then
 OS="debian"
 # Getting the version number, to verify that a recent version of OpenVPN is available
 VERSION_ID=$(cat /etc/os-release | grep "VERSION_ID")
-RCLOCAL='/etc/rc.local'
+IPTABLES='/etc/iptables/iptables.rules'
 SYSCTL='/etc/sysctl.conf'
 if [[ "$VERSION_ID" != 'VERSION_ID="8"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="9"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="14.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="16.04"' ]] && [[ "$VERSION_ID" != 'VERSION_ID="17.04"' ]]; then
 echo "Your version of Debian/Ubuntu is not supported."
@@ -42,13 +42,11 @@ if [[ -e /etc/debian_version ]]; then
 fi
 elif [[ -e /etc/centos-release || -e /etc/redhat-release ]]; then
 OS=centos
-RCLOCAL='/etc/rc.d/rc.local'
+IPTABLES='/etc/iptables/iptables.rules'
 SYSCTL='/etc/sysctl.conf'
-# Needed for CentOS 7
-chmod +x /etc/rc.d/rc.local
 elif [[ -e /etc/arch-release ]]; then
 OS=arch
-RCLOCAL='/etc/rc.local'
+IPTABLES='/etc/iptables/iptables.rules'
 SYSCTL='/etc/sysctl.d/openvpn.conf'
 else
 echo "Looks like you aren't running this installer on a Debian, Ubuntu, CentOS or ArchLinux system"
@@ -95,7 +93,7 @@ if [[ "$IP" = "" ]]; then
 IP=$(wget -qO- ipv4.icanhazip.com)
 fi
 # Get Internet network interface with default route
-NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)')
+NIC=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
 
 if [[ -e /etc/openvpn/server.conf ]]; then
 while :
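Review bot: `NIC` is still used unchecked: when the host has no IPv4 default route (or it lives in a non-default routing table) the `grep -Po` yields an empty string, and every later `-o $NIC` rule — including the MASQUERADE rule this commit persists with `iptables-save` — is malformed, so VPN clients silently get no egress. Add a guard right after the assignment, e.g. `[[ -n "$NIC" ]] || { echo "Could not detect the interface with the default route" >&2; exit 1; }`, and quote `"$NIC"` wherever it is expanded. The new `head -1` makes the choice on multi-homed hosts deterministic but unexplained; a comment such as `# several default routes: the first one listed wins` would help the next reader.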
@@ -168,11 +166,16 @@ if [[ -e /etc/openvpn/server.conf ]]; then
 firewall-cmd --permanent --zone=trusted --remove-source=10.8.0.0/24
 fi
 if iptables -L -n | grep -qE 'REJECT|DROP'; then
-sed -i "/iptables -I INPUT -p udp --dport $PORT -j ACCEPT/d" $RCLOCAL
-sed -i "/iptables -I FORWARD -s 10.8.0.0\/24 -j ACCEPT/d" $RCLOCAL
-sed -i "/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT/d" $RCLOCAL
+if [[ "$PROTOCOL" = 'udp' ]]; then
+iptables -D INPUT -p udp --dport $PORT -j ACCEPT
+else
+iptables -D INPUT -p tcp --dport $PORT -j ACCEPT
+fi
+iptables -D FORWARD -s 10.8.0.0/24 -j ACCEPT
+iptables-save > $IPTABLES
 fi
-sed -i '/iptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -j SNAT --to /d' $RCLOCAL
+iptables -t nat -D POSTROUTING -o $NIC -s 10.8.0.0/24 -j MASQUERADE
+iptables-save > $IPTABLES
 if hash sestatus 2>/dev/null; then
 if sestatus | grep "Current mode" | grep -qs "enforcing"; then
 if [[ "$PORT" != '1194' ]]; then
@@ -238,8 +241,9 @@ else
 echo " 4) OpenDNS (Anycast: worldwide)"
 echo " 5) Google (Anycast: worldwide)"
 echo " 6) Yandex Basic (Russia)"
-while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" ]]; do
-read -p "DNS [1-6]: " -e -i 1 DNS
+echo " 7) AdGuard DNS (Russia)"
+while [[ $DNS != "1" && $DNS != "2" && $DNS != "3" && $DNS != "4" && $DNS != "5" && $DNS != "6" && $DNS != "7" ]]; do
+read -p "DNS [1-7]: " -e -i 1 DNS
 done
 echo ""
 echo "Choose which compression algorithm you want to use:"
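Review bot: The removal path ignores the exit status of every `iptables -D` and then persists whatever is live with `iptables-save > $IPTABLES`, so if `$NIC` or `$PORT` no longer match the values used at install time (default route moved, `PROTOCOL` empty) the rule is left in the running ruleset and written straight back into the boot-time file. Check each delete, e.g. `iptables -t nat -D POSTROUTING -o "$NIC" -s 10.8.0.0/24 -j MASQUERADE || echo "NAT rule not found; inspect 'iptables -t nat -S POSTROUTING'" >&2`, and quote `"$NIC"`, `"$PORT"` and `"$IPTABLES"`. Installs made by earlier versions kept their rules in `/etc/rc.local` (the removed `sed` lines), which this path no longer cleans, so an upgrade followed by a removal leaves the old SNAT rule to reappear at reboot; that deserves at least a README note. The old code also removed a `FORWARD -m state --state RELATED,ESTABLISHED` rule that has no `-D` counterpart here — if the install side still adds it (outside this hunk) it will persist too.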
@@ -514,9 +518,73 @@ else
 # The we install OpenVPN
 apt-get update
 apt-get install openvpn iptables openssl wget ca-certificates curl -y
+# Install iptables service
+if [[ ! -e /etc/systemd/system/iptables.service ]]; then
+mkdir /etc/iptables
+iptables-save > /etc/iptables/iptables.rules
+echo "#!/bin/sh
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT" > /etc/iptables/flush-iptables.sh
+chmod +x /etc/iptables/flush-iptables.sh
+echo "[Unit]
+Description=Packet Filtering Framework
+DefaultDependencies=no
+Before=network-pre.target
+Wants=network-pre.target
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
+ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
+ExecStop=/etc/iptables/flush-iptables.sh
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
+systemctl daemon-reload
+systemctl enable iptables.service
+fi
 elif [[ "$OS" = 'centos' ]]; then
 yum install epel-release -y
 yum install openvpn iptables openssl wget ca-certificates curl -y
+# Install iptables service
+if [[ ! -e /etc/systemd/system/iptables.service ]]; then
+mkdir /etc/iptables
+iptables-save > /etc/iptables/iptables.rules
+echo "#!/bin/sh
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT" > /etc/iptables/flush-iptables.sh
+chmod +x /etc/iptables/flush-iptables.sh
+echo "[Unit]
+Description=Packet Filtering Framework
+DefaultDependencies=no
+Before=network-pre.target
+Wants=network-pre.target
+[Service]
+Type=oneshot
+ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
+ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
+ExecStop=/etc/iptables/flush-iptables.sh
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target" > /etc/systemd/system/iptables.service
+systemctl daemon-reload
+systemctl enable iptables.service
+# Disable firewalld to allow iptables to start upon reboot
+systemctl disable firewalld
+fi
 else
 # Else, the distro is ArchLinux
 echo ""
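Review bot: The Debian and CentOS branches carry two byte-identical copies of the iptables service installer (flush script plus unit file), which will drift; a single function defined before the distro `if` and called from both branches keeps one copy, sketched below. Two things deserve a warning comment in that function: `ExecStop=/etc/iptables/flush-iptables.sh` sets every chain policy to ACCEPT, so `systemctl stop iptables` leaves the host with no packet filtering at all, and the first `iptables-save` snapshots whatever ruleset is live at install time — on CentOS presumably including firewalld's runtime chains, since `systemctl disable firewalld` does not stop it — and that snapshot is what `iptables-restore` loads at every boot. Use `mkdir -p /etc/iptables`: the directory may already exist (Debian's iptables-persistent uses it) and the bare `mkdir` failure is never checked. The `-e /etc/systemd/system/iptables.service` test also misses a packaged unit under `/usr/lib/systemd/system` (CentOS `iptables-services`), which the generated file would shadow; I cannot tell from here whether that package is ever present.
```shell
# Install a minimal systemd unit that restores /etc/iptables/iptables.rules at boot.
# WARNING: ExecStop runs flush-iptables.sh, which resets every policy to ACCEPT, so
# 'systemctl stop iptables' removes all packet filtering. The initial iptables-save
# persists whatever ruleset is live when this runs.
install_iptables_service() {
	if [[ -e /etc/systemd/system/iptables.service ]]; then
		return 0
	fi
	mkdir -p /etc/iptables
	iptables-save > /etc/iptables/iptables.rules
	# … unchanged: echo of flush-iptables.sh and iptables.service contents …
	chmod +x /etc/iptables/flush-iptables.sh
	systemctl daemon-reload
	systemctl enable iptables.service
}
# … unchanged: distro detection, Debian package install …
	install_iptables_service
# … unchanged: CentOS package install …
	install_iptables_service
	# … unchanged: systemctl disable firewalld (keep it inside the first-run guard) …
```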
@@ -532,30 +600,12 @@ else
 echo "Ok, bye !"
 exit 4
 fi
-
+
 if [[ "$OS" = 'arch' ]]; then
-# Install rc.local
-echo "[Unit]
-Description=/etc/rc.local compatibility
-
-[Service]
-Type=oneshot
-ExecStart=/etc/rc.local
-RemainAfterExit=yes
-
-[Install]
-WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service
-chmod +x /etc/rc.local
-systemctl enable rc-local.service
-if ! grep '#!' $RCLOCAL; then
-echo "#!/bin/bash" > $RCLOCAL
-fi
-fi
-
-# Install dependencies
-pacman -Syu openvpn iptables openssl wget ca-certificates curl --needed --noconfirm
-if [[ "$OS" = 'arch' ]]; then
-touch /etc/iptables/iptables.rules # iptables won't start if this file does not exist
+# Install dependencies
+pacman -Syu openvpn iptables openssl wget ca-certificates curl --needed --noconfirm
+iptables-save > /etc/iptables/iptables.rules # iptables won't start if this file does not exist
+systemctl daemon-reload
 systemctl enable iptables
 systemctl start iptables
 fi
@@ -566,9 +616,9 @@ WantedBy=multi-user.target" > /etc/systemd/system/rc-local.service
 
 # Find out if the machine uses nogroup or nobody for the permissionless group
 if grep -qs "^nogroup:" /etc/group; then
-NOGROUP=nogroup
+NOGROUP=nogroup
 else
-NOGROUP=nobody
+NOGROUP=nobody
 fi
 
 # An old version of easy-rsa was available by default in some openvpn packages
@@ -658,6 +708,10 @@ ifconfig-pool-persist ipp.txt" >> /etc/openvpn/server.conf
 echo 'push "dhcp-option DNS 77.88.8.8"' >> /etc/openvpn/server.conf
 echo 'push "dhcp-option DNS 77.88.8.1"' >> /etc/openvpn/server.conf
 ;;
+7) #AdGuard DNS
+echo 'push "dhcp-option DNS 176.103.130.130"' >> /etc/openvpn/server.conf
+echo 'push "dhcp-option DNS 176.103.130.131"' >> /etc/openvpn/server.conf
+;;
 esac
 echo 'push "redirect-gateway def1 bypass-dhcp" '>> /etc/openvpn/server.conf
 echo "crl-verify crl.pem
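Review bot: On Arch, `iptables-save > /etc/iptables/iptables.rules` replaces the old `touch` and now overwrites a rules file the administrator may already maintain — `pacman --needed` means iptables can be pre-installed and configured — and if the iptables unit is not running at that moment the live ruleset is empty, so the existing firewall is wiped and the empty set is what gets enabled at boot. Keep the create-if-missing behaviour the comment still describes: `[[ -e /etc/iptables/iptables.rules ]] || iptables-save > /etc/iptables/iptables.rules`. The added `systemctl daemon-reload` is harmless but nothing in this branch writes a unit file any more, so it can go or be explained with a comment.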
@@ -697,15 +751,10 @@ verb 3" >> /etc/openvpn/server.conf
 fi
 # Avoid an unneeded reboot
 echo 1 > /proc/sys/net/ipv4/ip_forward
-# Needed to use rc.local with some systemd distros
-if [[ "$OS" = 'debian' && ! -e $RCLOCAL ]]; then
-echo '#!/bin/sh -e
-exit 0' > $RCLOCAL
-fi
-chmod +x $RCLOCAL
 # Set NAT for the VPN subnet
 iptables -t nat -A POSTROUTING -o $NIC -s 10.8.0.0/24 -j MASQUERADE
-sed -i "1 a\iptables -t nat -A POSTROUTING -o $NIC -s 10.8.0.0/24 -j MASQUERADE" $RCLOCAL
+# Save persitent iptables rules
+iptables-save > $IPTABLES
 if pgrep firewalld; then
 # We don't use --add-service=openvpn because that would only work with
 # the default port. Using both permanent and not permanent rules to
@@ -797,10 +846,10 @@ verb 3" >> /etc/openvpn/server.conf
 echo ""
 echo "Looks like your server is behind a NAT!"
 echo ""
-echo "If your server is NATed (e.g. LowEndSpirit, Scaleway, or behind a router),"
-echo "then I need to know the address that can be used to access it from outside."
-echo "If that's not the case, just ignore this and leave the next field blank"
-read -p "External IP or domain name: " -e USEREXTERNALIP
+echo "If your server is NATed (e.g. LowEndSpirit, Scaleway, or behind a router),"
+echo "then I need to know the address that can be used to access it from outside."
+echo "If that's not the case, just ignore this and leave the next field blank"
+read -p "External IP or domain name: " -e USEREXTERNALIP
 if [[ "$USEREXTERNALIP" != "" ]]; then
 IP=$USEREXTERNALIP
 fi
@@ -835,4 +884,4 @@ verb 3" >> /etc/openvpn/client-template.txt
 echo "Your client config is available at $homeDir/$CLIENT.ovpn"
 echo "If you want to add more clients, you simply need to run this script another time!"
 fi
-exit 0;
+exit 0;
\ No newline at end of file
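Review bot: The persistent snapshot is taken immediately after the MASQUERADE rule, before the firewalld block that follows it and before any INPUT/FORWARD ACCEPT rules the script adds for the VPN port (the removal path deletes such rules, so the install side presumably adds them later, outside this hunk); unless a second `iptables-save > $IPTABLES` follows those additions, a reboot restores a ruleset that NATs the tunnel but never admits traffic on `$PORT`. Move the save to the end of the firewall setup, or repeat it there, and quote the expansions: `iptables -t nat -A POSTROUTING -o "$NIC" -s 10.8.0.0/24 -j MASQUERADE` and `iptables-save > "$IPTABLES"`. The new comment has a typo, `# Save persitent iptables rules` → `# Save persistent iptables rules`. The enclosing `else` branch begins outside this hunk.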