Skip to content

FirewallException element (Firewall extension)

Registers an exception for a program or a specific port and protocol in the Windows Firewall. For more information about the Windows Firewall, see Windows Firewall with Advanced Security.

Attributes

Action

FirewallActionTypeUnion

The action for this firewall exception.

Description

string

Description for this firewall rule displayed in Windows Firewall manager.

EdgeTraversal

FirewallEdgeTraversalTypeUnion

Sets the edge traversal of the firewall exception.

Enabled

FirewallYesNoPropertyType

Indicates whether the firewall exception should be enabled.

File

string

Identifier of a File to be granted access through the firewall. By default, all incoming ports and protocols are allowed unless the Port and.or Protocol attributes are specified.

If you use File, you cannot also use Program.

Grouping

string

Grouping for the firewall exception.

IcmpTypesAndCodes

string

ICMP types and codes for the firewall exception.

Id

string

Unique ID of this firewall exception. If the Id is not specified, one will be generated.

IgnoreFailure

wxs:YesNoTypeUnion

If “yes”, failures to register this firewall exception will be silently ignored. If “no” (the default), failures will cause rollback.

Interface

string

Interface for the firewall exception.

InterfaceType

FirewallInterfaceTypeUnion

Interface type for the firewall exception.

IPSecSecureFlags

FirewallIPSecSecureFlagsUnion

IPSec secure flags for the firewall exception.

LocalAppPackageId

string

Local AppPackageId for the firewall exception.

LocalScope

FirewallLocalScopeTypeUnion

Local scope for the firewall exception.

LocalUserAuthorizedList

string

Local user authorized list for the firewall exception.

LocalUserOwner

string

Local user owner for the firewall exception.

Name

string required

Name of this firewall exception, visible to the user in the firewall control panel.

OnUpdate

FirewallOnUpdateTypeUnion

Installation instruction when updating the firewall exception.

Outbound

wxs:YesNoTypeUnion

If “yes”, registers an outbound firewall rule. The default is “no”.

Port

string

Port to allow through the firewall for this exception. By default, any program is allowed access through the port unless a File or Program attribute is specified.

Profile

FirewallProfileTypeUnion

Profile type for this firewall exception. Default is “all”.

Program

string

Path to a target program to be granted access through the firewall. By default, all incoming ports and protocols are allowed unless the Port and.or Protocol attributes are specified.

Note that this is a formatted field, so you can use [#fileId] syntax to refer to a file being installed. If you use Program, you cannot also use File.

Protocol

FirewallProtocolTypeUnion

IP protocol used for this firewall exception. If Port is defined, “tcp” is assumed if the protocol is not specified.

RemoteMachineAuthorizedList

string

Remote machine authorized list for the firewall exception.

RemotePort

string

Remote port for the firewall exception.

RemoteUserAuthorizedList

string

Remote user authorized list for the firewall exception.

Scope

FirewallScopeTypeUnion

The scope of this firewall exception, which indicates whether incoming connections can come from any computer including those on the Internet or only those on the local network subnet. To more precisely specify allowed remote address, specify a custom scope using RemoteAddress child elements.

Service

string

Service for the firewall exception. Cannot be specified when the firewall exception is a child of a service element.

Children

Parents