You probably don't need two firewalls. Rules may be applied per network interface. If you are really going to do something advanced, you may use multiple rtables/rdomains, but it is probably not necessary.
Privoxy is currently less useful than it used to be, because of secure connections (HTTPS) and the HTTP/2 protocol. Maybe try DNS-based blocklists?
https://www.privoxy.org/faq/misc.html#SSL
https://www.privoxy.org/faq/misc.html#HTTP2