What I am about to say is only a semi-informed opinion. I know the members
of the core WiX team, and although I wasn't in attendance when this extension
was added, I am confident in my conjectures given my experience in this space
and in the way that the teams that tend to contribute to WiX tend to
operate.

The WiX Firewall Extension is currently written against the APIs offered on
XP SP2 (called "Windows Firewall" on MSDN) without any code to exploit the
features available in the next platform (called "Windows Firewall with
Advanced Security" on MSDN). Thus the APIs, when used on newer firewall
platforms, duplicate the effective functionality that exists in the earlier
firewall platform.

That original firewall API generally allows two kinds of exceptions:
application-based and port-based. Port-based requires selecting the
protocol; application-based opens all protocols. In the "... with Advanced
Security" version of the firewall, application-based exceptions can have
more restrictions (such as the protocol you mentioned), which requires using
the interfaces that were introduced with that version. Internally, if you use
the older APIs in the newer firewall, the APIs are "translated" into the
newer firewall's architecture, which is why you see two exceptions (there is
only one if you enumerate the rules using the older APIs) in the UI.

The WiX element is properly supported to the extent that the "Windows
Firewall" APIs continue to be supported, since those are the APIs used.
Since XP is still "supported" by MSFT (and since so many are still using
that platform) the usage of the newer APIs hasn't yet been added to this
particular extension.

There was no good reason to write against the earlier APIs (the ones before
XP SP2) since 1) that firewall was "off" by default and virtually no one
ever turned it on (preferring to use some third-party firewall in its place)
usually because they didn't know it existed, and 2) XP pre-SP2 is no longer
supported by MSFT and almost all Microsoft teams ignore unsupported
platforms (as a practical necessity).

-----Original Message-----
From: Will Wright [mailto:will4wri...@yahoo.com] 
Sent: Monday, October 12, 2009 5:23 PM
To: wix-users@lists.sourceforge.net
Subject: [WiX-users] FirewallException support on Windows Server 2008 R2

The documentation for the FirewallException element states that the Firewall
Exception Element "Registers an exception for a program or a specific port
and protocol in the Windows Firewall on Windows XP SP2, Windows Server 2003
SP1, and later".

Should I infer from this description that the Wix element is properly
supported on Windows Server 2008 R2?

The reason that I ask is that when I use the following XML it results in one
firewall exception on Windows Server 2003 and Windows Server 2008, whereas
it results in two exceptions (one for UDP and the other for TCP) on Windows
Server 2008 R2.  I really do not need the UDP exception, only the TCP one,
and had therefore hoped that specifying the Protocol attribute might have
allowed me to restrict the exception, but that appears to have no effect
when used with the Program attribute:

<File Id="Concentrator_EXE" Name="PCMConcentrator.exe" DiskId="1"
      Source="$(var.CONCENTRATOR_BIN_DIR)\PCMConcentrator.exe" Vital="yes"
      KeyPath="yes">
  <fire:FirewallException Id="Concentrator"
                          Name="$(var.FW_Concentrator_Exception)" Scope="any"
                          IgnoreFailure="yes"/>
</File>

Also, given that Windows Server 2008 R2 firewall supports three profile
types, i.e. Domain, Private and Public I would like to be able to select all
three items, but the FirewallException Wix element only appears to set the
Public profile irrespective of the value that I choose for the Scope
attribute.

Any direction greatly appreciated.

Thanks,
will


----------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
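
Added example, not part of the original thread and not the WiX extension's own code: a PowerShell sketch that uses the "Windows Firewall with Advanced Security" COM interfaces (HNetCfg.FwPolicy2 and HNetCfg.FWRule) to show which protocols and profiles a program's inbound exceptions cover, then narrow them to TCP on the Domain, Private and Public profiles. The function names, the program path and the rule name are hypothetical placeholders; run it from an elevated prompt.

```powershell
# Values from the NET_FW_IP_PROTOCOL, NET_FW_RULE_DIRECTION, NET_FW_ACTION
# and NET_FW_PROFILE_TYPE2 enumerations.
$TCP = 6; $DirIn = 1; $Allow = 1
$Domain = 1; $Private = 2; $Public = 4

# Inbound "allow" rules whose program matches $ProgramPath (hypothetical helper).
function Get-InboundAllowRule([string]$ProgramPath) {
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $policy.Rules | Where-Object {
        $_.Direction -eq $DirIn -and $_.Action -eq $Allow -and $_.ApplicationName -and
        [Environment]::ExpandEnvironmentVariables($_.ApplicationName) -ieq $ProgramPath
    }
}

# Report protocol and profile coverage, one line per rule.
function Show-RuleExposure([string]$ProgramPath) {
    Get-InboundAllowRule $ProgramPath | Select-Object Name, Enabled,
        @{n='Protocol'; e={ switch ($_.Protocol) { 6 {'TCP'} 17 {'UDP'} 256 {'Any'} default {$_} } }},
        @{n='Domain';   e={ [bool]($_.Profiles -band $Domain) }},
        @{n='Private';  e={ [bool]($_.Profiles -band $Private) }},
        @{n='Public';   e={ [bool]($_.Profiles -band $Public) }}
}

# Leave exactly one enabled TCP exception for the program on all three profiles.
function Set-TcpOnlyRule([string]$ProgramPath, [string]$RuleName) {
    $wanted = $Domain -bor $Private -bor $Public
    $rules  = @(Get-InboundAllowRule $ProgramPath)
    # Disable (rather than delete) anything broader than TCP so it can be undone.
    $rules | Where-Object { $_.Protocol -ne $TCP } | ForEach-Object { $_.Enabled = $false }
    $tcp = $rules | Where-Object { $_.Protocol -eq $TCP } | Select-Object -First 1
    if ($tcp) {
        # Reuse the translated TCP rule instead of adding a duplicate.
        $tcp.Profiles = $wanted; $tcp.Enabled = $true
        return
    }
    $rule = New-Object -ComObject HNetCfg.FWRule
    $rule.Name            = $RuleName
    $rule.ApplicationName = $ProgramPath
    $rule.Protocol        = $TCP
    $rule.Direction       = $DirIn
    $rule.Action          = $Allow
    $rule.Profiles        = $wanted
    $rule.Enabled         = $true
    (New-Object -ComObject HNetCfg.FwPolicy2).Rules.Add($rule)
}

# Usage (placeholder path and name, constructed for illustration):
# Show-RuleExposure 'C:\Program Files\Example\PCMConcentrator.exe'
# Set-TcpOnlyRule   'C:\Program Files\Example\PCMConcentrator.exe' 'Concentrator (TCP)'
```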

