diff --git a/Makefile b/Makefile
index b5aeb30..2c61934 100755
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,7 @@ run:
 -d \
 --name seedpod \
 --cap-add=NET_ADMIN \
+ --cap-add=NET_RAW \
 --device=/dev/net/tun \
 --dns=8.8.8.8 \
 -p 9091:9091 \
diff --git a/deps/run.sh b/deps/run.sh
index bd38125..a99eefa 100755
--- a/deps/run.sh
+++ b/deps/run.sh
@@ -1,4 +1,18 @@
 #!/bin/ash
- openvpn /config.ovpn &
- transmission-daemon --foreground --config-dir /transmission
+
+# add killswitch rules
+iptables -A INPUT -i tun+ -j ACCEPT
+iptables -A OUTPUT -o tun+ -j ACCEPT
+iptables -A INPUT -s 127.0.0.1 -j ACCEPT
+iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
+iptables -A INPUT -p tcp --dport 9091 -j ACCEPT
+iptables -A OUTPUT -p tcp --sport 9091 -j ACCEPT
+iptables -I OUTPUT 1 -m owner --uid-owner root -p udp --dport 53 -j ACCEPT
+iptables -A OUTPUT -m mark ! --mark 0x1 ! -o tun+ -j DROP
+
+# start openvpn with killswitch whitelist mark
+openvpn --mark 1 --config /config.ovpn &
+
+# start transmission
+transmission-daemon --foreground --config-dir /transmission
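Review bot: The new `--cap-add=NET_RAW` line gives no hint of why a second capability is being granted, and capability flags are exactly what a later maintainer trims without knowing what depends on them. A `#` line cannot sit inside the backslash-continued docker command, so the explanation belongs just above the `run:` target: `# NET_ADMIN + NET_RAW: required by the iptables kill-switch rules in deps/run.sh`. The run: recipe continues outside the hunk.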
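Review bot: The kill switch fails open: the script runs under `/bin/ash` without `set -e`, so if any of the eight `iptables` lines fails (presumably what prompted the NET_RAW addition in the Makefile), the final DROP rule is never installed and openvpn and transmission-daemon start with traffic unrestricted. Adding `set -e` directly after `#!/bin/ash` makes a failed rule abort the container instead, which is the safe direction for a kill switch. The INPUT chain receives four ACCEPT rules but no DROP rule and no `iptables -P INPUT DROP`, so unless the image sets a DROP policy elsewhere those rules change nothing. The DNS whitelist `-m owner --uid-owner root` also matches transmission-daemon, which is launched by the same shell that runs iptables (and so presumably as root), letting its name lookups leave outside the tunnel; running transmission-daemon under a dedicated non-root user would confine that rule to openvpn.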