From: Paul Macdonald
Date: Mon, 21 May 2012 18:19:49 +0100
To: Michael Sierchio
Cc: Ian Smith, freebsd-questions@freebsd.org
Subject: Re: ipfw subnetting

On 21/05/2012 17:01, Paul Macdonald wrote:
> On 21/05/2012 16:44, Michael Sierchio wrote:
>> On Mon, May 21, 2012 at 8:30 AM, Paul Macdonald wrote:
>>
>>> A very open firewall test script is as follows:
>>>

This is now resolved. I hadn't realised (embarrassingly) that ipfw list will show rules if the fw is disabled.

At some point during debugging I think I'd disabled the firewall and not re-enabled it, and on seeing rules listed assumed it was actually on.

This was web traffic, coming in from 5-6 very wide ranges, with a referrer of http://bdsclickcenter.com/en/surf/view/75967

Not sure why they've become interested in one of my clients sites, but they have probably hit the server from several 100k IPs.

mod_rewrite has been serving them 403s for over 24 hrs, but that doesn't seem to bother them!

Thanks to those who took the time to help.

-- 
-------------------------
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-------------------------
t: 0131 5548070
m: 07970339546