Next Previous Contents

2. About this script...

LSC is a rather dumb Perl script I wrote when I was still a Perl beginner, because I got tired of typing ipchains or iptables over and over again in my firewalling scripts (I never liked ipchains-save & Co.).

It is quite dumb because it does nothing more than read its input from a file and pipe the ``produced'' commands to a shell.

The advantage of lsc is that it accepts a nested format in which each ``prefix'' is written only once, so you do not have to repeat it on every line, and you avoid the boring and hard-to-track mistakes that come with the cut&paste approach (never cut and pasted a firewalling rule and forgotten to change the chain name?). Here is an example input:


##!/bin/bash

lan=eth0
dmz=eth1

iptables {
  -P {
    OUTPUT ACCEPT
    FORWARD DROP
    INPUT DROP
  }
  
  -N {
    lan-dmz
    dmz-lan
  }
 
  -A FORWARD { 
    -i $lan -o $dmz -j lan-dmz
    -i $dmz -o $lan -j dmz-lan
  }

  [ . . . ]
}

That would pass to the shell something like:

lan=eth0
dmz=eth1
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -N lan-dmz
iptables -N dmz-lan
iptables -A FORWARD -i $lan -o $dmz -j lan-dmz
iptables -A FORWARD -i $dmz -o $lan -j dmz-lan
[. . .]

As you can see, lsc is quite dumb. However, that is also where its big advantages come from: since lsc is just a dumb filter and not an interpreter, you can use any shell facility in the input, for example the $lan and $dmz variables in the example above, which are expanded by the shell, not by lsc. The flip side is that the input file is, in effect, a shell script executed with the privileges of whoever runs lsc (normally root), so give it the same ownership and permissions you would give the firewalling script itself.
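The expansion described above is small enough to show in full. The following is an added example, written for this page and not LSC's own Perl code: it implements the same nested-prefix format in Python (a line ending in `{` pushes a prefix, a lone `}` pops it, every other line is emitted with the current prefixes in front of it), and it refuses unbalanced braces instead of silently producing half a ruleset. The sample input is constructed from the example in the text; how LSC itself treats comment lines is not stated on this page, so passing `#` lines through untouched is an assumption of this example.

```python
# Added example: a re-implementation of the nested-prefix expansion
# described in the text. This is not LSC's own code.

# Constructed sample input, mirroring the example in the text.
SAMPLE_INPUT = """\
lan=eth0
dmz=eth1

iptables {
  -P {
    OUTPUT ACCEPT
    FORWARD DROP
    INPUT DROP
  }

  -N {
    lan-dmz
    dmz-lan
  }

  -A FORWARD {
    -i $lan -o $dmz -j lan-dmz
    -i $dmz -o $lan -j dmz-lan
  }
}
"""


def expand(text):
    """Expand the nested prefix format into a flat list of shell lines.

    A line ending in '{' pushes its text onto the prefix stack, a line that
    is just '}' pops it, and any other non-empty line is emitted with the
    current prefixes joined in front of it. Blank lines are dropped; lines
    starting with '#' are passed through as shell comments (an assumption
    of this example, the page does not say how LSC handles them).
    Unbalanced braces raise ValueError so that a broken input never turns
    into a partially applied firewall.
    """
    stack = []
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith('#'):
            out.append(line)
            continue
        if line == '}':
            if not stack:
                raise ValueError("line %d: unmatched '}'" % lineno)
            stack.pop()
            continue
        if line.endswith('{'):
            stack.append(line[:-1].strip())
            continue
        # Skip empty prefixes so a bare '{' does not leave a double space.
        out.append(' '.join(p for p in stack + [line] if p))
    if stack:
        raise ValueError("unterminated block: " + ' '.join(stack))
    return out


def expand_to_script(text):
    """Return the expanded commands as one shell script (newline-terminated)."""
    return '\n'.join(expand(text)) + '\n'


if __name__ == '__main__':
    # Print the expansion rather than piping it to a shell, so the
    # generated commands can be reviewed before they are executed.
    print(expand_to_script(SAMPLE_INPUT), end='')
```

Printing the expansion (or feeding it to `sh -n`) before piping it into a real shell is the natural check: the generated lines are exactly what the shell will run as root, so review them as you would any firewalling script.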

You can find the latest version of this document and the software mentioned in it at http://www.commedia.it/ccontavalli/. If you have problems, suggestions or corrections, feel free to mail me at <ccontavalli at commedia.it>.

