Firewall, as one kind of network security device, is widely used in all kinds of networks and personal computers. This paper focus on the package filter technology of firewall in kernel layer, an intensive study of Windows operating system architecture and NDIS intermediate driver operating principle also has been made. On this basis, an scheme of personal firewall system based on NDIS intermediate driver has been designed, which include filter driver and UI application in kernel mode and user mode respectively.