There are several options if you are looking to create a firewall. This list is by no means complete; it is basically just a reference for myself : )
1. NDIS driver (Protocol drivers implement a protocol; Intermediate drivers can do filtering, translation, and packet scheduling; Miniport drivers are the final level that actually talks to the NIC) - best, but most difficult
2. TDI filter driver - decent, can be circumvented via RawIp
3. Layered Service Provider - can be circumvented easily.
4. Winsock Hooks (pain to implement, can be circumvented fairly easily)
5. Filter-hook driver (only one allowed on a system - if another app uses it, you are out of luck). Can't access data. Registers its hook using IOCTL_PF_SET_EXTENSION_POINTER with IoBuildDeviceIoControlRequest().
6. Firewall-hook driver (a relatively undocumented approach - see http://www.codeproject.com/internet/FwHookDrv.asp). Not recommended by MS. More difficult to modify data than with TDI, as it's pretty undocumented.
From Microsoft:
It is not recommended to implement a firewall-hook driver (or firewall driver) for Microsoft Windows XP and later versions of the operating system.
The Microsoft Windows 2000 DDK introduced the concept of a firewall-hook driver. The intent of a firewall-hook driver was to manage network packets that were sent and received across a firewall in the context of the TCP/IP protocol. A firewall is a control system that prevents unauthorized users from gaining access to a local network that is connected to the Internet.
A firewall-hook driver did not meet firewall requirements because it ran too high in the network stack. A firewall-hook driver could also interfere with the operations of Internet Connection Sharing (ICS) or a personal firewall implementation.
To provide firewall functionality on Windows XP and later, you should create an NDIS intermediate miniport driver to manage packets sent and received across a firewall. For information on creating an NDIS intermediate miniport driver, see NDIS Intermediate Drivers.