I find too many things, like divert sockets, raw sockets, netfilter, etc.
Is there a big picture that shows where they all fit?
I intend to develop a firewall driver that has the ability to examine inbound and outbound packets and allow/drop them in a stateful way.
I do not want to use iptables, but rather write my own driver that hooks my logic to the fate of the packets.
Any pointers?