1

We're using the firewall extension to add firewall exceptions during the installation of our application:

<DirectoryRef Id="APPLICATIONFOLDER">
  <Component Id="cmp_FirewalRules" Guid="{xx}" KeyPath="yes">
    <fw:FirewallException Id="xx" Name="xx" Port="123" Protocol="tcp" Scope="any" Profile="all" IgnoreFailure="yes" />
  </Component>
</DirectoryRef>

Every package is a MajorUpgrade with Schedule="afterInstallInitialize".

Our problem is that the firewall rules are removed and created from scratch when an update is installed. So if for some reason the user decided to deactivate the firewall rule, it will be activated again after an update is installed.

It might be that Schedule="afterInstallExecute" avoids this problem. However this is not really an option.

Is there any way to prevent the firewall rules from being removed and created from scratch in the case of a reinstall?

I realize that this is a variation on a common WiX question. We've overcome similar problems for desktop shortcuts and Windows Service settings, but not for firewall rules.

What I tried:

  • I tried to use an empty GUID, this does not work, the rule is still overwritten. Worse, it's not removed during uninstall (as expected).
  • I tried various conditions on the component but realized that they are of no relevance during the uninstall that happens in the case of a major upgrade.

We had the same problem with keeping the Windows Service configuration in case of a major upgrade. This was solved by disabling DeleteServices in the InstallExecuteSequence in case of a reinstall (like here). Maybe there is something similar for firewall rules, but I did not manage to find it.

Any suggestions?

Andreas
  • 1,751
  • 2
  • 14
  • 25
  • A quick idea: Move the component "cmp_FirewalRules" into its own feature. Set `MajorUpgrade` attribute `RemoveFeatures` to include all features except the one that contains "cmp_FirewalRules". This way the firewall rules will be uninstalled during regular uninstall, but will be kept during major upgrade. Make sure the component has a stable GUID and add a registry key path so that the new version won't reinstall the component. – zett42 Aug 07 '19 at 12:36
  • On a 2nd thought, this is propably not what you want. Using `RemoveFeature` you don't uninstall the old version, you just _configure_ it, so other junk will be left in the registry. We need a different way to do this. – zett42 Aug 07 '19 at 18:15
  • I don't think this will work. See this answer by Rob Mensching himself: https://stackoverflow.com/questions/15638632/how-to-use-majorupgrade-and-removefeatures-to-remove-only-specific-features-and – Andreas Aug 08 '19 at 13:11
  • Exactly what I concluded by myself. Maybe you should move FW configuration from the setup to the 1st launch of the application then. You could store whether you already asked in a registry key that won't be deleted on uninstall. – zett42 Aug 08 '19 at 13:19

0 Answers0