OK thanks, but still, can anyone help with decoding the logs anyway please?
What's there to decode? It looks like the iPhones are connecting, via SSL (port 443), to Facebook. The DrayTek is misinterpreting that as a DOS attack.
And then somebody is probably running a tracert on your IP from a server hosted at internap.