I realized the net control its done by implementing a firewall-hook driver… the idea is to make a function filter that it is called when its revieved a package and discarded/accepted depends on the logic of the function filter. It uses ipfirewall.h wich was introduced in Win 2000 DDK … so this is a case of “functions added in Windows 2000 kernel and missed in NT4”, isnt it?
Firewall hook driver was added in Windows 2000 and you are right that you can’t use it under Windows NT. Actually there are two options to implement firewall in Windows NT:
1) NDIS IM driver
2) NDIS hooking driver
NDIS IM is pain in Windows NT, this type of driver was improved only with Windows 2000 release. So I would recommend NDIS hooking one. Implementing such type of driver from the scratch is not easy task and you better find something ready, like WinpkFilter.