A defensive filter has either a global or stack-specific scope.
When a defensive filter is created, the DMD installs the defensive filter in the eligible stacks and maintains a copy of the filter. The DMD maintains a persistent record of all active defensive filters, global and stack-specific, and the stacks into which those filters are installed.
This persistence enables the DMD to maintain the correct set of installed defensive filters across startup and shutdown activities for TCP/IP stacks, as well as across startup and shutdown of the DMD itself. If the DMD is already running when an eligible TCP/IP stack starts, the DMD installs all applicable defensive filters, global and stack-specific, to that stack. If, when the DMD starts up, it detects that eligible stacks are already running, it ensures that they have or receive the correct set of defensive filters.
After a global defensive filter is created and installed in one or more stacks, you can update it as a global filter, resulting in all copies of the filter being updated. You can also update it in an individual TCP/IP stack, resulting in only that stack's copy of the filter being updated. Similarly, you can delete a global defensive filter globally or only from an individual TCP/IP stack.