Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Firewall Extension does not handle port or protocol changes across change and repair #5869
The wix firewall extension does not work correctly across change/repair, and is likely broken in some upgrade scenarios as well. Port and protocol do not update when new values are passed to the custom action. Essentially I have the issue described here: #5675
If this issue is a bug:
Add a firewall exception, to your wix source, e.g.
See the comment on this issue: #5675 (comment). The code only re-enables a disabled rule, it does not perform other updates.
changed the title
Bug: Wix Firewall Extension does not handle port or protocol changes across change and repair
Sep 13, 2018
@chrpai This is not about remembering the old property, this is about honoring the values that are passed in when the component is reinstalled (for example).
Under the current implementation, if do a clean install with MY_PORT=443, I get a firewall rule called "MyRule" for tcp/443. If I then run repair with MY_PORT=5000, the component will say that it is installing with the new port value, but the firewall rule will not be changed. Port 443 will still be open, 5000 will be blocked.
In my own project I ended up supporting the behavior we needed entirely through custom actions.
I believe (but haven't executed the code!) that it will keep 442 open.
The underlying problem is that the firewall API only does lookup by the rule name. I appreciate that there are probably backward compatibility concerns with what I'm asking for here. If I understand the code correctly then it seems like nothing will get installed if there is a name collision, even with a clean install.
Scope of firewall rules is also affected.
So it seems that there is a generally issue with overwriting of existing rules by msi packages. Not sure if this an issue with WiX or with Implementation in Windows.