Base Filtering Engine (Service) [Filtering]
The Base Filtering Engine (BFE) is the service that coordinates the filtering platform components.
The service has the following roles:
- Accept filters and other configuration settings for the filtering platform.
- Report the current state of the system, including statistics.
- Enforce the security model for accepting configuration in the filtering platform. For example, a local administrator can add filters but other users can only view them.
- Provide arbitration between different configuration sources. For example, determining priority when an application is configured to secure any network traffic related to it, but the local firewall is configured to prevent application secured traffic.
- Detect filter conflicts and resolve them. For example, a filter cannot prevent an application from using a network if another filter exists that permits it.
- Plumb configuration settings to other modules in the system. For example, IPSec negotiation polices go to IKE, filters go to the filter engine.
- Pre-process filters. To optimize filter lookup time, the whole set of filters may be precompiled into a set of high performance lookup indices before being applied to a filter engine.