This module defines classes encapsulating service descriptions. The services define how the incoming connection requests are handled. When a connection is accepted by a Rule, the service specified in the Rule creates an instance of itself. This instance handles the connection, and proxies the traffic between the client and the server. It also handles TLS and SSL encryption of the traffic if needed, as configured in the encryption_policy parameter of the service. The instance of the selected service is created using the 'startInstance()' method.

A service is not usable on its own, it needs a Rule to bind the service to a network interface of the firewall and activate it when a matching connection request is received. New instances of the service are started as the Rule accepts new connections.