From 5ca78aa5079b5a9a5a4d35ea4fc151af56c4bdbe Mon Sep 17 00:00:00 2001
From: kev
Date: Mon, 29 Jun 2015 03:57:52 +0800
Subject: [PATCH] update
---
 pptpd/Dockerfile | 4 +---
 privoxy/Dockerfile | 19 ++++++++++++++++++-
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/pptpd/Dockerfile b/pptpd/Dockerfile
index 3f631da..8b484a4 100644
--- a/pptpd/Dockerfile
+++ b/pptpd/Dockerfile
@@ -16,7 +16,5 @@ COPY pptpd-options /etc/ppp/
 EXPOSE 1723
 CMD iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE \
- && syslogd \
 && pptpd \
- && sleep 0.1 \
- && tail -f /var/log/messages
+ && syslogd -n -O /dev/stdout
diff --git a/privoxy/Dockerfile b/privoxy/Dockerfile
index 0588bd6..57c2a6e 100644
--- a/privoxy/Dockerfile
+++ b/privoxy/Dockerfile
@@ -18,5 +18,22 @@ RUN sed -i -e '/^listen-address/s/127.0.0.1/0.0.0.0/' \
 VOLUME /etc/privoxy
 EXPOSE 8118
-CMD iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-ports 8118 \
+CMD iptables -t filter -P OUTPUT DROP \
+ && iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT \
+ && iptables -t filter -A OUTPUT -p tcp \
+ -m multiport --dports 53,80,443,8118 \
+ -j ACCEPT \
+ && iptables -t filter -A OUTPUT -p tcp \
+ -m state --state ESTABLISHED,RELATED \
+ -j ACCEPT \
+ && iptables -t filter -A OUTPUT -p udp \
+ -m state --state ESTABLISHED,RELATED \
+ -j ACCEPT \
+ && iptables -t filter -A OUTPUT -p tcp \
+ -m owner --uid-owner privoxy \
+ -j ACCEPT \
+ && iptables -t nat -A OUTPUT -p tcp \
+ -m multiport --dports 80,443 \
+ -m owner ! --uid-owner privoxy \
+ -j REDIRECT --to-ports 8118 \
 && gosu privoxy privoxy --no-daemon /etc/privoxy/config
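Review bot: In the pptpd CMD, `pptpd` now starts before `syslogd`, so anything it logs before the syslog socket exists (including early connection or authentication messages) may be lost. The container's foreground process is also syslogd rather than the VPN daemon, so if pptpd exits the container keeps running and no restart policy or health check will notice. Consider starting the logger first in the background and keeping pptpd in the foreground, e.g. `&& (syslogd -n -O /dev/stdout &) \` followed by `&& exec pptpd --fg`. Confirm the foreground flag against the packaged pptpd, and note that a short wait for the log socket may still be needed.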
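Review bot: The nat rule in the privoxy CMD now redirects port 443 as well as 80 to 8118, but Privoxy's intercepting mode expects plain HTTP, so redirected TLS connections will most likely just fail instead of being filtered; keeping the redirect at `--dport 80` would avoid that. The filter accepts for `udp --dport 53` and `tcp --dports 53,80,443,8118` are not scoped by destination or owner, so the default-drop policy is looser than it looks; if the aim is to force traffic through the proxy, restrict DNS to the resolver with `-d` and limit 8118 to `-o lo`. Only `iptables` is configured, so if the container has IPv6 connectivity an `ip6tables -P OUTPUT DROP` is needed for the policy to hold there too. There is also no `-o lo -j ACCEPT` rule, so loopback traffic on other ports is dropped, which may or may not be intended.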