Lsfw uses the configuration of the network equipments and builds a (light) model of the network described by these equipments.
This allows to probe for access-list matching all over the network, doing routing, fire-walling or packet transformation (such as NAT, but this is not yet implemented).
Lsfw is intended to be easily extended and flexible.
The goal of lsfw is to help network administrators to deal with fire-walling on a huge network. You don't need lsfw if your firewall configuration is around 100 lines. We need it because our firewalls configurations is around 20 000 lines here.
This is beta software because I am not able to ensure that it will work on all configurations. I just can say that it works fine for us…
Anyway, bug reports are welcome and will be resolved as soon as possible.