Spotlight on the Windows Filtering Platform

Windows Filtering Platform (WFP) is a new architecture introduced in Windows Vista and Windows Server 2008. WFP allows independent software vendors (ISVs) to filter and modify TCP/IP packets, monitor or authorize connections, filter Internet Protocol security (IPsec)-protected traffic, and filter remote procedure calls (RPCs). With WFP, you can examine or modify outgoing and incoming packets within various points in the TCP/IP packet processing path and more easily create firewalls, antivirus software, diagnostic software, and other types of applications and services.

Note: WFP is not a firewall. It is a set of system services and user-mode and kernel-mode APIs that enable you to develop firewalls and other connection-monitoring or packet-processing software. For example, Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008 uses WFP.

Building your packet-processing components on WFP gives you higher performance, a built-in filtering engine for both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) traffic, less programming complexity, built-in diagnostic support, and a strong security framework in which correctly configured filters cannot be bypassed.

To get started learning about WFP, see the Windows Filtering Platform WHDC article (written by yours truly :>). See the “Resources” section at the end for links to MSDN content and community resources.

WFP has been updated for Windows 7 and Windows Server 2008 R2. Check out this whitepaper for the details. For example, there is a new set of commands in the wfp context of the Network Shell (Netsh) command-line tool to do the following:

• Display all the effective filters

• Display recent network events, such as packet drops

• Display the current state of WFP and IPsec
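
The three displays above map to `netsh wfp show filters`, `show netevents`, and `show state`. The following PowerShell sketch is an added example, not part of the original post: it captures all three reports and counts recent packet drops per filter. The output folder name and the XML element names (`item`, `type`, `classifyDrop/filterId`, `displayData/name`) are assumptions about the report layout, so adjust them if your reports differ.

```powershell
# Added example. Run from an elevated PowerShell prompt on Windows 7 /
# Windows Server 2008 R2 or later.
$dir = Join-Path $env:TEMP 'wfp-snapshot'    # hypothetical output folder
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Push-Location $dir
try {
    # One report per item in the list above; netsh writes each one as XML.
    # Relative file names avoid quoting problems with spaces in $dir.
    netsh wfp show filters   file=filters.xml   | Out-Null
    netsh wfp show netevents file=netevents.xml | Out-Null
    netsh wfp show state     file=wfpstate.xml  | Out-Null

    $events  = [xml](Get-Content .\netevents.xml)
    $filters = [xml](Get-Content .\filters.xml)

    # Assumed layout: every event is an <item> with a <type>; drop events
    # carry the ID of the filter that made the decision.
    $drops = @($events.SelectNodes(
        "//item[type='FWPM_NET_EVENT_TYPE_CLASSIFY_DROP']"))

    if ($drops.Count -eq 0) {
        Write-Output 'No classify-drop events in the current event buffer.'
    }
    else {
        # Count drops per filter ID, then resolve each ID to a filter name.
        $drops | Group-Object { $_.classifyDrop.filterId } |
            Sort-Object Count -Descending |
            ForEach-Object {
                $id   = $_.Name
                $node = $filters.SelectSingleNode("//item[filterId='$id']")
                $name = if ($node) { $node.displayData.name }
                        else { '(not in filters.xml)' }
                New-Object PSObject -Property @{
                    Drops      = $_.Count
                    FilterId   = $id
                    FilterName = $name
                }
            } | Format-Table Drops, FilterId, FilterName -AutoSize
    }
}
finally {
    Pop-Location
}
```

A filter ID that shows up in the drop events but not in filters.xml usually means the filter was removed between the two captures; wfpstate.xml, saved in the same folder, records the wider engine state for follow-up.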

Enjoy!

 

Joe Davies
Principal Technical Writer
Windows Server Networking Documentation Team