Okay, firstly, yep, sort out why /usr/local/local existed; sounds like a mv
done wrongly somewhere along the line. And yes, run chkrootkit and have a
look at who's been logged in from where and why. Usual stuff.
Onto ipchains: yes, portsentry uses ipchains (if it can; portsentry can drop
routes in other ways, but ipchains is the best way to do this), so you do have
it up and running on the RaQ.
Do an:
# ipchains -L
and it will list all the rules and settings currently stored.
If you're just running portsentry, chances are there will be few lines, and
all under the input chain.
To unblock somebody, find the rule you want to delete and type:
# ipchains -D input 1
Note: ipchains works from number 0 upwards, so the top rule is 0, next 1,
etc.
It would also be worth checking /etc/hosts.deny, as it also writes a line in
there to stop the IP using tcpwrapped programs too.