openvpn

How to open access to the service only for Openvpn client?

Good afternoon! The point is this. There is a web service on an external server, on the same server there is an openpvn server. You need to close port 80 for all but openvpn clients. In other words, you need to make nmap -p 80 server_id issue filtred. BUT at the same time, if I connect to vpn, I issued open. I’ll make a reservation right away, I’m a programmer, I understand network administration a little more than very badly, if it’s possible to do this with a couple of rules in iptables, tell me how to write please, if it’s difficult, then tell me at least in which direction to dig, I just can’t find a similar case on the Internet with an explanation of how to do it.
Another such moment, I'm trying to do it on CentOs 7, there is firewalld, can this be done using it, or should I delete it and do it through iptables? Thank you in advance!