ip addresses blocked by psad
Hi,
I'm trying to figure out how iptables works, and as you'll see I don't know much yet. I'm using fedora core2, and have installed shorewall and psad (Port Scan Attack Detector). I've set psad to block offending ip address. Where do these address get written into the firewall rules? The offending ip addresses and relevant data are logged under /var/log/psad, but I can't find any other file or ruleset file with these various addresses. How does the firewall know to block these addresses?
Thanks to anyone who can point me in the right direction.
Wil Snyder
|