What I am about to say is only a semi-informed opinion. I know the members of the core WiX team although I wasn't in attendance when this extension was added, I am confident in my conjectures given my experience in this space and in the way that the teams that tend to contribute to WiX tend to operate.
The WiX Firewall Extension is currently written against the APIs offered on XP SP2 (called "Windows Firewall" on MSDN) without any code to exploit the features available in the next platform (called "Windows Firewall with Advanced Security" on MSDN). Thus the APIs, when used on newer firewall platforms, duplicate the effective functionality that exists in the earlier firewall platform. That original firewall API allows generally two kinds of exceptions: application-based and port-based. Port-based requires selecting the protocol, application-based opened all protocols. In the "... with Advanced Security" version of the firewall, application-based exceptions can have more restrictions (such as protocol you mentioned) which requires using the interfaces that were introduced with that version. Internally, if you use the older APIs in the newer firewall the APIs are "translated" into the newer firewall's architecture, which is why you see two exceptions (there is only one if you enumerate the rules using the older APIs) in the UI. The WiX element is properly supported to the extent that the "Windows Firewall" APIs continue to be supported, since those are the APIs used. Since XP is still "supported" by MSFT (and since so many are still using that platform) the usage of the newer APIs hasn't yet been added to this particular extension. There was no good reason to write against the earlier APIs (the ones before XP SP2) since 1) that firewall was "off" by default and virtually no one ever turned it on (preferring to use some third-party firewall in its place) usually because they didn't know it existed, and 2) XP pre-SP2 is no longer supported by MSFT and almost all Microsoft teams ignore unsupported platforms (as a practical necessity). -----Original Message----- From: Will Wright [mailto:will4wri...@yahoo.com] Sent: Monday, October 12, 2009 5:23 PM To: wix-users@lists.sourceforge.net Subject: [WiX-users] FirewallException support on Windows Server 2008 R2 The documentation for the FirewallException element states that the Firewall Exception Element "Registers an exception for a program or a specific port and protocol in the Windows Firewall on Windows XP SP2, Windows Server 2003 SP1, and later". Should I infer from this description that the Wix element is properly supported on Windows Server 2008 R2? The reason that I ask is that when I use the following XML it results in one firewall exception on Windows Server 2003 and Windows Server 2008, whereas it results in two exceptions (one for UDP and the other for TCP) on Windows Server 2008 R2. I really do not need the UDP exception, only the TCP one, and had therefore hoped that specifying the Protocol attribute might have allowed me to restrict the exception, but that appears to have no effect when used with the Program attribute: <File Id="Concentrator_EXE" Name="PCMConcentrator.exe" DiskId="1" Source="$(var.CONCENTRATOR_BIN_DIR)\PCMConcentrator.exe" Vital="yes" KeyPath="yes"> <fire:FirewallException Id="Concentrator" Name="$(var.FW_Concentrator_Exception)" Scope="any" IgnoreFailure="yes"/> </File> Also, given that Windows Server 2008 R2 firewall supports three profile types, i.e. Domain, Private and Public I would like to be able to select all three items, but the FirewallException Wix element only appears to set the Public profile irrespective of the value that I choose for the Scope attribute. Any direction greatly appreciated. Thanks, will ---------------------------------------------------------------------------- -- Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
