Skip to main content

FirewallException element (Firewall extension)

Registers an exception for a program or a specific port and protocol in the Windows Firewall. For more information about the Windows Firewall, see Windows Firewall with Advanced Security.

Parents

Component, File

Children

Attributes

Description (String) : Description for this firewall rule displayed in Windows Firewall manager.

File (String) : Identifier of a File to be granted access through the firewall. By default, all incoming ports and protocols are allowed unless the Port and.or Protocol attributes are specified.

If you use File, you cannot also use Program.

Id (String) : Unique ID of this firewall exception. If the Id is not specified, one will be generated.

IgnoreFailure (wxs:YesNoTypeUnion) : If "yes", failures to register this firewall exception will be silently ignored. If "no" (the default), failures will cause rollback.

Name (String, required) : Name of this firewall exception, visible to the user in the firewall control panel.

Outbound (wxs:YesNoTypeUnion) : If "yes", registers an outbound firewall rule. The default is "no".

Port (String) : Port to allow through the firewall for this exception. By default, any program is allowed access through the port unless a File or Program attribute is specified.

Profile (enumeration) : Profile type for this firewall exception. Default is "all". This attribute's value must be one of the following:

  • domain
  • private
  • public
  • all

Program (String) : Path to a target program to be granted access through the firewall. By default, all incoming ports and protocols are allowed unless the Port and.or Protocol attributes are specified.

Note that this is a formatted field, so you can use [#fileId] syntax to refer to a file being installed. If you use Program, you cannot also use File.

Protocol (enumeration) : IP protocol used for this firewall exception. If Port is defined, "tcp" is assumed if the protocol is not specified. This attribute's value must be one of the following:

  • tcp
  • udp

Scope (enumeration) : The scope of this firewall exception, which indicates whether incoming connections can come from any computer including those on the Internet or only those on the local network subnet. To more precisely specify allowed remote address, specify a custom scope using RemoteAddress child elements. This attribute's value must be one of the following:

  • any
  • localSubnet

Edit the schema for this page