diff --git a/pptpd/Dockerfile b/pptpd/Dockerfile
index 3f631da..8b484a4 100644
--- a/pptpd/Dockerfile
+++ b/pptpd/Dockerfile
@@ -16,7 +16,5 @@ COPY pptpd-options /etc/ppp/
 EXPOSE 1723
 CMD iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE \
- && syslogd \
  && pptpd \
- && sleep 0.1 \
- && tail -f /var/log/messages
+ && syslogd -n -O /dev/stdout
diff --git a/privoxy/Dockerfile b/privoxy/Dockerfile
index 0588bd6..57c2a6e 100644
--- a/privoxy/Dockerfile
+++ b/privoxy/Dockerfile
@@ -18,5 +18,22 @@ RUN sed -i -e '/^listen-address/s/127.0.0.1/0.0.0.0/' \
 VOLUME /etc/privoxy
 EXPOSE 8118
-CMD iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-ports 8118 \
+CMD iptables -t filter -P OUTPUT DROP \
+ && iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT \
+ && iptables -t filter -A OUTPUT -p tcp \
+ -m multiport --dports 53,80,443,8118 \
+ -j ACCEPT \
+ && iptables -t filter -A OUTPUT -p tcp \
+ -m state --state ESTABLISHED,RELATED \
+ -j ACCEPT \
+ && iptables -t filter -A OUTPUT -p udp \
+ -m state --state ESTABLISHED,RELATED \
+ -j ACCEPT \
+ && iptables -t filter -A OUTPUT -p tcp \
+ -m owner --uid-owner privoxy \
+ -j ACCEPT \
+ && iptables -t nat -A OUTPUT -p tcp \
+ -m multiport --dports 80,443 \
+ -m owner ! --uid-owner privoxy \
+ -j REDIRECT --to-ports 8118 \
  && gosu privoxy privoxy --no-daemon /etc/privoxy/config
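Review bot: In the new CMD, pptpd is launched before any syslogd is listening, so whatever it logs while starting (and possibly the first connection attempts) can be lost; the removed lines started syslogd first. Because `syslogd -n` is now the command the shell waits on, the container's lifetime follows the logger: if pptpd exits, the container keeps running with the MASQUERADE rule in place and no VPN service, and nothing reports the failure. Assuming pptpd detaches by default (the chain continues past it), I would background the logger and keep the daemon in front: `&& syslogd -O /dev/stdout \` followed by `&& exec pptpd --fg`. Confirm in the image that a detached syslogd still writes to the container's stdout. Since authentication records now go to the container log instead of /var/log/messages, access to that log stream should be restricted accordingly.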
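Review bot: The nat rule now redirects port 443 to Privoxy's listener as well, but an intercepted TLS handshake is not an HTTP request, so HTTPS from every non-privoxy uid will most likely fail instead of being proxied. Simply dropping 443 from the redirect is not enough, because the filter rule `--dports 53,80,443,8118` would then let any uid reach 443 directly and bypass the proxy. I would narrow both: `--dport 80 \` in the nat rule and `-m multiport --dports 53,8118 \` in the filter rule, so direct 443 hits the DROP policy and clients have to use the proxy explicitly via CONNECT. The nat OUTPUT chain runs before filter OUTPUT, so redirected packets already carry port 8118 when filtered, and the privoxy uid has its own ACCEPT rule. All of these rules are IPv4 only; if the container can get an IPv6 address, the same default-deny is needed in `ip6tables`, or IPv6 egress skips this policy.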