As an academic project, I want to develop a firewall that operates at the kernel level, capture all packets and analyse the header for restricted IPs. I also want to demonstrate some content analysis of the packet in real time to show how future IPS systems will work.

I am choosing to use netfilter and have the following questions -

Is there a much lower level (and therefore quicker) way to do this than the netfilter ?

Are there any time/speed/NIC/Wireless Card related constraints with the netfilter approach ?

Please answer these questions.

Thanks,
Rich.