Anonymity in important for many people. Few years ago, it was problematic issue only for hackers, human rights workers and anonymity freaks. They want to keep they identity in secret for obvious reasons. They were traced only by law enforcement agencies and government. Today everything is much more difficult. Hundreds of advertising agencies trying to reveal identity of people to target their commercials better.
Web browser can give them so many information. For example in which languages you speak (browser shares your language preferences with sites you visit)., in which city you live (this can be obtained from IP), how big is your computer display (web page can get your display resolution), what video player or office suite you have installed (they can query installed browser plugins) and much more...
Wczorajsza awaria u mojego providera, która trwa do dziś (i podobno potrwa do 21:00) uświadomiła mi, że modemy kablowe to nie jedyny sposób łączenia się z Internetem. Większość współczesnych telefonów posiada interfejsy bezprzewodowe Bluetooth i IrDA oraz GPRS i CSD. Korzystając z komputera z adapterem Bluetooth (np. na USB) i telefonu możemy zestawić połączenie z Internetem przez publiczny APN. W Polsce każdy operator GSM posiada APN poprzez który można łączyć się z internetem.
I decided to restrict Internet access from my LAN to known IP/MAC pairs only. Primary to block Internet access from my PS3, virtual machines and computers that do not need it. Simplest way to achieve this on Linux: filter packet coming from LAN interface in FORWARD chain.
On OpenWRT custom firewall rules can be defined in /etc/firewall.user. Before creating rules we need some method to create and (easily) maintain IP/MAC pairs. I decided t use /etc/ethers and /etc/hosts that already contains MACs, hostnames nad IPs (used by dnsmasq).