Middlebox services have historically been hardware appliances that are implemented at one or more points in a network topology in an enterprise or a datacenter. With the advent of software defined networking (SDN) and network virtualization, traditional hardware appliances do not take advantage of the flexibility and control that is provided by SDN and network virtualization. Accordingly, in recent years, some have suggested various ways to provide middlebox services on hosts. Most of these middlebox solutions, however, do not take advantage of the rich-contextual data that can be captured for each data message flow on the host. One reason for this is that existing techniques do not provide an efficient, distributed scheme for filtering the thousands of captured-contextual attributes in order to efficiently process service rules that are defined in terms of much smaller sets of contextual attributes.