I would love a more detailed description of what they did and how your firewall works. I know surprisingly little about firewalls and hacking. And i'm bored at work, so... Tell me a story!
Right so, yesterday they were trying to do some SQL injection via the query string and the POST into the code itself or some forms. They tried forcing the include of the passwd files etc.
Doing all their tests, they found a weak spot through which they entered. That weak spot was a trap. Once they were in, they tried getting some data dumped on the output and I blacklisted their IP after giving them an electronic finger.
Round 2 today, they're going for the system layers of the server. Not my part but still pretty funny to watch.