Ged wrote:

James Tabor wrote:

Hi
From IRC some weeks ago. This looks good to me.

http://sourceforge.net/projects/tdifw

Thanks,
James

I've already looked into it, and spoken to the guy who wrote it.
TDI isn't the best place to be sticking a firewall, it's a little high in the network stack.

I plan to implement one as an intermediate NDIS driver, however with the current state of NDIS, this isn't currently possible.

If it's still not possible when we come to needing a firewall, the TDI one will be the next best thing.
Anything is better than using packet filtering via the win2k ipfltdrv.sys

I'm attaching a network model which shows where TDI sits, and where the intermediate driver would sit.

Ged.
  

Hi,

I recommend you read into the WFP (Windows Filter Platform) which will be part of Vista. It's included in the documentation that I've sent you this morning on IRC. Implementing a firewall in TDI is foolish not only because of its place in the stack, but also because of the WPP and Windows Kernel Sockets which will replace TDI in Blackcomb. It would be a waste to focus on a dying technology. NDIS has been done before, but here again, NDIS 6.0 would be recommended.

Personally, I would go with the WFP design...it's a great chance to have some new technology. More information in the documentation I've send and also here: http://www.microsoft.com/whdc/device/network/WFP.mspx

Best regards,
Alex Ionescu