Ability to log website addresses within the Router

videobruce
DD-WRT User


Joined: 22 Aug 2009
Posts: 267
Location: New York State

Posted: Fri Feb 23, 2018 18:23    Post subject: Ability to log website addresses within the Router
This may seem like an odd question, but IIRC, Asus (Broadcom) has a page that lists website addresses that have been accessed outside of PCs connected. E.g.: streaming devices and/or DVRs.
Is this just a Broadcom feature/function, as I have never seen that on an Atheros-based router?
videobruce
DD-WRT User


Joined: 22 Aug 2009
Posts: 267
Location: New York State

Posted: Sat Feb 24, 2018 4:24    Post subject:
IIRC, an Asus RT-N66U that was running dd-wrt (I believe) has that feature, a TP-Link does not. I figured it was a chipset function/feature difference.

I have to admit, it is a 'killer' feature as it works out to be a watchdog with non-computers. IOW, when they 'phone home'. ;)
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

Posted: Sat Feb 24, 2018 8:05    Post subject:
Pretty easy to do. Enable Adblock Proxy in dd-wrt. Now go to /tmp/privoxy and copy its content. After that enable custom conf in adblock, copy the contents, add debug flag + logfile definition, see sample where I log to /jffs/privoxy/logfile:

confdir /etc/privoxy
logdir /jffs/privoxy/
actionsfile match-all.action
actionsfile default.action
actionsfile /jffs/user.action
filterfile default.filter
filterfile user.filter
logfile logfile
listen-address 192.168.1.1:8118
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
buffer-limit 4096
accept-intercepted-requests 1
socket-timeout 30
handle-as-empty-doc-returns-ok 1
forwarded-connect-retries 1
debug 512

But just like on OEM firmware, this will not pick up traffic that goes to non-standard web ports, but you could fix/prevent that by allowing no traffic to flow outside to non-http/https ports, by just adding some iptables rule that forces all traffic from certain networks to privoxy.

The best way to control devices is to completely block them and then open up. E.g. what I use for some devices is to not allow any internet traffic besides some IPs. With a little trick, you can automatically insert the IPs into the firewall from the DNS name :-)

See this example for instance: the device with IP 192.168.1.10 is completely cut off from the internet, it is only allowed to contact the IP behind google.com. Add such a rule to commands and press save firewall, it will be inserted every time your wan goes up:

iptables -I FORWARD -s 192.168.1.10 -j DROP
iptables -I FORWARD -s 192.168.1.10 -j LOG
nslookup google.com | grep Address | awk '{ print "iptables -I FORWARD -s 192.168.1.10 -d " $3 " -j ACCEPT"}' | sh

With dd-wrt everything is possible.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
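
Added example, not part of Kong's post: nslookup output also contains the resolver's own Address line and can contain IPv6 answers, both of which `grep Address` matches. The sketch below emits ACCEPT rules only for IPv4 answer addresses and validates everything that would be piped to sh; the function names and the sample output (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn nslookup output into per-device allowlist rules.
# sample_nslookup prints CONSTRUCTED output in the older BusyBox layout
# ("Address N: <ip> <name>"); names and addresses are documentation values.
sample_nslookup() {
cat <<'EOF'
Server:    192.168.1.1
Address 1: 192.168.1.1 router

Name:      example.com
Address 1: 2001:db8::7 host7.example.com
Address 2: 203.0.113.7 host7.example.com
Address 3: 203.0.113.8
Address 4: 203.0.113.7 host7.example.com
EOF
}

# allow_rules SRC_IP  (nslookup output on stdin)
# Prints one ACCEPT rule per distinct IPv4 answer address.
allow_rules() {
    awk -v src="$1" '
        BEGIN {
            ipv4 = "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$"
            # Refuse a source that is not a dotted quad: the output is meant
            # to be piped to sh, so nothing unvalidated may reach it.
            if (src !~ ipv4) exit 1
        }
        # Lines before "Name:" describe the resolver itself; skip them so
        # the DNS server address does not end up in the allowlist.
        /^Name:/ { answers = 1; next }
        answers && /^Address/ {
            # "Address: <ip>" puts the address in field 2,
            # "Address N: <ip> <name>" puts it in field 3.
            for (i = 2; i <= 3; i++)
                if ($i ~ ipv4 && !seen[$i]++) {
                    print "iptables -I FORWARD -s " src " -d " $i " -j ACCEPT"
                    break
                }
        }'
}

# Demo on the constructed sample; prints two ACCEPT rules.
sample_nslookup | allow_rules 192.168.1.10
```

On the router, feed it real `nslookup` output instead of `sample_nslookup` and pipe the result to sh after the DROP and LOG rules. The rules are a snapshot of the DNS answer at the moment they are inserted.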
videobruce
DD-WRT User


Joined: 22 Aug 2009
Posts: 267
Location: New York State

Posted: Sat Feb 24, 2018 16:12    Post subject:
Thanks for that, then is it possible to add this to new builds, since I surely would not use the word "easy" in your reply.
Though I'm more than sure it is for you or anyone close to your caliber, but for most it is not, which includes me. :(

Blocking was not the reason, just logging addresses where these devices connect to was the idea. ;)

Unfortunately, I did not take a screenshot of the page, I wish I did, I would have posted it.