I been playing with blocking certain websites for known social networking and such in access restrictions, to set up at my friends office for certain employees. So to experiment, I first tried it at home, and I added a few items to the http block list, and I also enabled logging of access connections blocked in the logging information for inbound/outbound traffic. This way I can see whom tried to get to certain websites. Some interesting results... In the logs it shows the ip blocked and the ip src address. for example see starting cut portion of one line Apr 21 01:47:13 unknown user.warn kernel: REJECT IN=br0 OUT=vlan2 SRC=192.168.1.100 DST=184.108.40.206 Now here is the funny part, some sites get blocked in full, but some can still be accessed by IP. For example, cnn.com - I can get to cnn.com by its ip (220.127.116.11) although the dns name is blocked and I can even navigate around via IP. This does not work for all websites, and so far I only found this to be buggy with cnn.com although I only been playing with the feature for 20min. For example it did nto work with [facebook] as it was blocked by its IP. I never visited cnn.com before on this PC, and I know its not cached, also, I was able to navigate through the site by clicking any link within cnn and seeing current info. I was just wondering if anyone else can replicate this, and also, is it a bug?