The invention relates to a network security method based on a wireless firewall. In the method, the wireless firewall acts on the MAC (Media Access Control) layer of the OSI (Open Systems Interconnection) model and comprises an intrusion detection and prevention module, a first frame hook and a second frame hook. The intrusion detection and prevention module is positioned in the user space of the operating system. The first frame hook connects the kernel space and the user space of the operating system: one end is arranged in the wireless LAN (local area network) card driver in the kernel space, and the other end is arranged in the user space and is connected with the intrusion detection and prevention module. The first frame hook transfers each frame received by the wireless LAN card driver to the intrusion detection and prevention module; after the module has processed the frame, it is either sent back to the driver through the frame hook or deleted. One end of the second frame hook is arranged in the wireless LAN card driver in the kernel space of the operating system, and the other end is arranged in the user space and is connected with a frame encapsulation module. By adopting the network security method, resistance to hacker attacks is strengthened and the availability of the wireless network is improved.
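The user-space end of the first frame hook can be sketched as a verdict function over raw 802.11 MAC frames; this is an added example, not code from the patent. The names `Inspector`, `run_hook` and `mgmt_frame` are hypothetical, the kernel hook is simulated by a list of timestamped frames, and the detection rule (a per-transmitter rate limit on deauthentication and disassociation frames) is an assumption, since the abstract does not say what the module checks.

```python
import struct
from collections import defaultdict, deque

ACCEPT, DROP = "accept", "drop"      # accept: back to the driver; drop: deleted
MGMT, DEAUTH, DISASSOC = 0, 12, 10   # 802.11 frame type / subtype values
MGMT_HDR_LEN = 24                    # frame control, duration, 3 addresses, seq-ctl

def parse_mac_header(frame):
    """Return (type, subtype, transmitter) or None if the header is truncated."""
    if len(frame) < 2:
        return None
    fc = struct.unpack_from("<H", frame)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != MGMT:
        return ftype, subtype, None
    if len(frame) < MGMT_HDR_LEN:
        return None
    return ftype, subtype, frame[10:16]  # address 2 is the transmitter

class Inspector:
    """Hypothetical user-space module; the rate rule is an assumption."""
    def __init__(self, limit=3, window=1.0):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)   # transmitter -> recent timestamps

    def verdict(self, frame, now):
        hdr = parse_mac_header(frame)
        if hdr is None:
            return DROP                  # malformed header never reaches the stack
        ftype, subtype, ta = hdr
        if ftype != MGMT or subtype not in (DEAUTH, DISASSOC):
            return ACCEPT
        q = self.seen[ta]
        while q and now - q[0] > self.window:
            q.popleft()                  # forget frames older than the window
        q.append(now)
        return DROP if len(q) > self.limit else ACCEPT

def run_hook(frames, inspector):
    """Simulated first frame hook: only accepted frames return to the driver."""
    return [f for t, f in frames if inspector.verdict(f, t) == ACCEPT]

def mgmt_frame(subtype, src):
    """Build a constructed 24-byte broadcast management header for testing."""
    fc = (subtype << 4) | (MGMT << 2)
    return struct.pack("<HH", fc, 0) + b"\xff" * 6 + src + src + b"\x00\x00"

AP = bytes.fromhex("020000000001")   # constructed, locally administered address
SAMPLE = ([(0.0, mgmt_frame(8, AP))]                                   # beacon
          + [(0.1 * i, mgmt_frame(DEAUTH, AP)) for i in range(1, 6)]   # burst
          + [(5.0, mgmt_frame(DEAUTH, AP)), (5.1, b"\xc0")])           # late, truncated
```

Because a dropped frame still counts toward the window, a sustained burst keeps being deleted until the transmitter falls quiet for the full window.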