摘要： 定义个人防火墙系统应具备的主要功能，其核心技术是网络数据包的过滤。给出Windows系统网络协议分层体系结构，在对OSI参考模型和Windows网络体系结构对比分析的基础上给出实现包过滤的不同技术路线。对各技术路线进行评估，选择SPI作为实现方案，给出使用SPI进行包过滤的技术要点，个人防火墙系统的运行表明其具有较快的包过滤处理性能。

关键词: 个人防火墙, 包过滤, 传输层设备接口过滤驱动程序

Abstract: The main functional attributes of personal firewall system are defined. The core technology for realizing is packets filtering. The Architecture of Window’s Network(AWN) is presented, and on the basis of comparison between OSI and AWN, several solutions of packet filtering are listed. The solution using SPI is selected after reviewing and its key realization points to filter packets are offered. The personal firewall system realized using SPI shows good performance for filter network packets.

Key words: personal firewall, packet filter, transport layer device interface filter driver

中图分类号: 

• TP309