Architecture - tnodir/fort GitHub Wiki
Driver
The Driver is required for the firewall to work properly. It uses the Windows Filtering Platform (WFP) and runs as a "Callout" kernel-mode driver. It does not use WFP's standard "Filtering engine", but implements its own engine for flexible custom filtering.
The Driver is active while either the Service is running in the background or the UI Program is running.
The Driver runs with Local System (Administrator) privileges.
Service (Optional)
Fort Firewall can be configured to run as a Service in the background via Options: Startup. The Service controls the Driver, the Database, and the processing of settings from the UI Program.
The Service runs with Local System (Administrator) privileges.
UI Program
The UI Program is used to configure the firewall.
The UI Program runs with the current user's privileges.
If the Service is not installed, the UI Program can control the Driver and other settings processing, provided this is properly configured through a registry setting.