Re: IP Packet Filter

Hi Skywing


To begin with, you message alone can provide all info one needs in order to
compare reliability of NDIS-level solution and filtering API - you have
mentioned \Device\IPFILTERDRIVER. In other words, user-mode IP filtering is
EXACTLY the same thing as kernel-mode filter hook driver. If you look in the
registry, you will see that Ipfilter is demand-start and stoppable service,
so that your "solution" can be disabled on the fly simply by stopping the
service

Firewall-hook driver could be a better option -at least it registers itself
with IP itself, rather than Ipfilter. However, according to MSDN, even this
solution is unreliable because of being at too high level in the system
hierarchy, so that MSDN recommends NDIS IM for packet filtering

Regards

Anton Bassov
.

Relevant Pages

  • Re: IS IPfilter available for Windows?
    ... Not IPFilter, but something equivalent to ipchains filtering stuff is ... Ne sous estime pas le côté obscure du net... ... qu'ils mettent un peu plus de lumière parce que là, ...
    (comp.security.firewalls)
  • SUMMARY: tru64 port based filtering with ifaccess.conf?
    ... If you want to do port based filtering on Tru64 version 5.x, ... IPFilter is the product you want. ... two interfaces running the transparent bridging code + netfilter. ... The bridging code is in the mainstream kernels but adding the filtering ...
    (Tru64-UNIX-Managers)
  • Re: Solaris Express b72 and IPFilter
    ... > However, one thing seems to be given me problems: IPFilter, both filtering ... > Rules will load, but IPF seems disconnected from the IP traffic. ...
    (comp.unix.solaris)
  • Re: Solaris 10: sunscreen vs ?
    ... |"Solaris 10 OS includes an enterprise firewall with IP filtering.". ... |Does it refer to ipfilter? ... A modified version of ipfilter. ...
    (comp.unix.solaris)