change firewall extension table name to Wix5FirewallException

author: chris_bednarski <Chris.Bednarski@minfos.com.au> 2023-08-26 18:51:38 +1000
committer: Bob Arnson <github@bobs.org> 2023-11-19 12:17:13 -0500
commit: 80e604761b4f43b9b79a4878fcae360b071a7c35 (patch)
tree: 9ca40a1d60a2ef1a5a1a426382356ae8b7cf9868
parent: 6e974490eeabc9a3728aa2fb9ad07e8a5adf4fb6 (diff)
download: wix-80e604761b4f43b9b79a4878fcae360b071a7c35.tar.gz
wix-80e604761b4f43b9b79a4878fcae360b071a7c35.tar.bz2
wix-80e604761b4f43b9b79a4878fcae360b071a7c35.zip
15 files changed, 552 insertions, 67 deletions
diff --git a/src/ext/Firewall/ca/firewall.cpp b/src/ext/Firewall/ca/firewall.cpp
index 2a1ef825..eed6f9df 100644
--- a/src/ext/Firewall/ca/firewall.cpp
+++ b/src/ext/Firewall/ca/firewall.cpp
@@ -3,7 +3,7 @@
 #include "precomp.h"
 LPCWSTR vcsFirewallExceptionQuery =
-    L"SELECT `Name`, `RemoteAddresses`, `Port`, `Protocol`, `Program`, `Attributes`, `Profile`, `Component_`, `Description`, `Direction` FROM `Wix4FirewallException`";
+    L"SELECT `Name`, `RemoteAddresses`, `Port`, `Protocol`, `Program`, `Attributes`, `Profile`, `Component_`, `Description`, `Direction` FROM `Wix5FirewallException`";
 enum eFirewallExceptionQuery { feqName = 1, feqRemoteAddresses, feqPort, feqProtocol, feqProgram, feqAttributes, feqProfile, feqComponent, feqDescription, feqDirection };
 enum eFirewallExceptionTarget { fetPort = 1, fetApplication, fetUnknown };
 enum eFirewallExceptionAttributes { feaIgnoreFailures = 1 };
@@ -49,15 +49,15 @@ static UINT SchedFirewallExceptions(
    ExitOnFailure(hr, "Failed to initialize");
    // anything to do?
-    if (S_OK != WcaTableExists(L"Wix4FirewallException"))
+    if (S_OK != WcaTableExists(L"Wix5FirewallException"))
    {
-        WcaLog(LOGMSG_STANDARD, "Wix4FirewallException table doesn't exist, so there are no firewall exceptions to configure.");
+        WcaLog(LOGMSG_STANDARD, "Wix5FirewallException table doesn't exist, so there are no firewall exceptions to configure.");
        ExitFunction();
    }
    // query and loop through all the firewall exceptions
    hr = WcaOpenExecuteView(vcsFirewallExceptionQuery, &hView);
-    ExitOnFailure(hr, "Failed to open view on Wix4FirewallException table");
+    ExitOnFailure(hr, "Failed to open view on Wix5FirewallException table");
    while (S_OK == (hr = WcaFetchRecord(hView, &hRec)))
    {
@@ -150,7 +150,7 @@ static UINT SchedFirewallExceptions(
    {
        hr = S_OK;
    } 
-    ExitOnFailure(hr, "failure occured while processing Wix4FirewallException table");
+    ExitOnFailure(hr, "failure occured while processing Wix5FirewallException table");
    // schedule ExecFirewallExceptions if there's anything to do
    if (pwzCustomActionData && *pwzCustomActionData)
@@ -159,16 +159,16 @@ static UINT SchedFirewallExceptions(
        if (WCA_TODO_INSTALL == todoSched)
        {
-            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"RollbackFirewallExceptionsInstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
+            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION5(L"RollbackFirewallExceptionsInstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
            ExitOnFailure(hr, "failed to schedule firewall install exceptions rollback");            
-            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"ExecFirewallExceptionsInstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
+            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION5(L"ExecFirewallExceptionsInstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
            ExitOnFailure(hr, "failed to schedule firewall install exceptions execution");
        }
        else
        {
-            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"RollbackFirewallExceptionsUninstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
+            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION5(L"RollbackFirewallExceptionsUninstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
            ExitOnFailure(hr, "failed to schedule firewall uninstall exceptions rollback");    
-            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"ExecFirewallExceptionsUninstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
+            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION5(L"ExecFirewallExceptionsUninstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
            ExitOnFailure(hr, "failed to schedule firewall uninstall exceptions execution");
        }
    }
diff --git a/src/ext/Firewall/test/WixToolsetTest.Firewall/FirewallExtensionFixture.cs b/src/ext/Firewall/test/WixToolsetTest.Firewall/FirewallExtensionFixture.cs
index 06a877f6..7119e92d 100644
--- a/src/ext/Firewall/test/WixToolsetTest.Firewall/FirewallExtensionFixture.cs
+++ b/src/ext/Firewall/test/WixToolsetTest.Firewall/FirewallExtensionFixture.cs
@@ -18,17 +18,21 @@ namespace WixToolsetTest.Firewall
            var folder = TestData.Get(@"TestData\UsingFirewall");
            var build = new Builder(folder, typeof(FirewallExtensionFactory), new[] { folder });
-            var results = build.BuildAndQuery(Build, "Wix4FirewallException", "CustomAction");
+            var results = build.BuildAndQuery(Build, "Wix5FirewallException", "CustomAction");
            WixAssert.CompareLineByLine(new[]
            {
-                "CustomAction:Wix4ExecFirewallExceptionsInstall_X86\t3073\tWix4FWCA_X86\tExecFirewallExceptions\t",
+                "CustomAction:Wix5ExecFirewallExceptionsInstall_X86\t3073\tWix5FWCA_X86\tExecFirewallExceptions\t",
-                "CustomAction:Wix4ExecFirewallExceptionsUninstall_X86\t3073\tWix4FWCA_X86\tExecFirewallExceptions\t",
+                "CustomAction:Wix5ExecFirewallExceptionsUninstall_X86\t3073\tWix5FWCA_X86\tExecFirewallExceptions\t",
-                "CustomAction:Wix4RollbackFirewallExceptionsInstall_X86\t3329\tWix4FWCA_X86\tExecFirewallExceptions\t",
+                "CustomAction:Wix5RollbackFirewallExceptionsInstall_X86\t3329\tWix5FWCA_X86\tExecFirewallExceptions\t",
-                "CustomAction:Wix4RollbackFirewallExceptionsUninstall_X86\t3329\tWix4FWCA_X86\tExecFirewallExceptions\t",
+                "CustomAction:Wix5RollbackFirewallExceptionsUninstall_X86\t3329\tWix5FWCA_X86\tExecFirewallExceptions\t",
-                "CustomAction:Wix4SchedFirewallExceptionsInstall_X86\t1\tWix4FWCA_X86\tSchedFirewallExceptionsInstall\t",
+                "CustomAction:Wix5SchedFirewallExceptionsInstall_X86\t1\tWix5FWCA_X86\tSchedFirewallExceptionsInstall\t",
-                "CustomAction:Wix4SchedFirewallExceptionsUninstall_X86\t1\tWix4FWCA_X86\tSchedFirewallExceptionsUninstall\t",
+                "CustomAction:Wix5SchedFirewallExceptionsUninstall_X86\t1\tWix5FWCA_X86\tSchedFirewallExceptionsUninstall\t",
-                "Wix4FirewallException:ExampleFirewall\tExampleApp\t*\t42\t6\t[#filNdJBJmq3UCUIwmXS8x21aAsvqzk]\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tAn app-based firewall exception\t1",
+                "Wix5FirewallException:ExampleFirewall\tExampleApp\t*\t42\t6\t[#filNdJBJmq3UCUIwmXS8x21aAsvqzk]\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tAn app-based firewall exception\t1",
-                "Wix4FirewallException:fex70IVsYNnbwiHQrEepmdTPKH8XYs\tExamplePort\tLocalSubnet\t42\t6\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tA port-based firewall exception\t2",
+                "Wix5FirewallException:fex_ZpDsnKyHlYiA24JHzvFxm3uLZ8\tExampleDefaultGatewayScope\tDefaultGateway\t4432\t6\t\t0\t2\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tdefaultGateway scope firewall exception\t1",
+                "Wix5FirewallException:fex6bkfWwpiRGI.wVFx0T7W4LXIHxU\tExampleDHCPScope\tdhcp\t\t211\ttest.exe\t0\t4\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tDHCP scope firewall exception\t1",
+                "Wix5FirewallException:fex70IVsYNnbwiHQrEepmdTPKH8XYs\tExamplePort\tLocalSubnet\t42\t6\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tA port-based firewall exception\t2",
+                "Wix5FirewallException:fexXxaXCXXFh.UxO_BjmZxi1B1du_Q\tExampleWINSScope\twins\t6573\t6\t\t0\t1\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tWINS scope firewall exception\t1",
+                "Wix5FirewallException:fexxY71H2ZBkPalv7uid1Yy4qaA_lA\tExampleDNSScope\tdns\t356\t17\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tDNS scope firewall exception\t1",
            }, results);
        }
@@ -38,17 +42,21 @@ namespace WixToolsetTest.Firewall
            var folder = TestData.Get(@"TestData\UsingFirewall");
            var build = new Builder(folder, typeof(FirewallExtensionFactory), new[] { folder });
-            var results = build.BuildAndQuery(BuildARM64, "Wix4FirewallException", "CustomAction");
+            var results = build.BuildAndQuery(BuildARM64, "Wix5FirewallException", "CustomAction");
            WixAssert.CompareLineByLine(new[]
            {
-                "CustomAction:Wix4ExecFirewallExceptionsInstall_A64\t3073\tWix4FWCA_A64\tExecFirewallExceptions\t",
+                "CustomAction:Wix5ExecFirewallExceptionsInstall_A64\t3073\tWix5FWCA_A64\tExecFirewallExceptions\t",
-                "CustomAction:Wix4ExecFirewallExceptionsUninstall_A64\t3073\tWix4FWCA_A64\tExecFirewallExceptions\t",
+                "CustomAction:Wix5ExecFirewallExceptionsUninstall_A64\t3073\tWix5FWCA_A64\tExecFirewallExceptions\t",
-                "CustomAction:Wix4RollbackFirewallExceptionsInstall_A64\t3329\tWix4FWCA_A64\tExecFirewallExceptions\t",
+                "CustomAction:Wix5RollbackFirewallExceptionsInstall_A64\t3329\tWix5FWCA_A64\tExecFirewallExceptions\t",
-                "CustomAction:Wix4RollbackFirewallExceptionsUninstall_A64\t3329\tWix4FWCA_A64\tExecFirewallExceptions\t",
+                "CustomAction:Wix5RollbackFirewallExceptionsUninstall_A64\t3329\tWix5FWCA_A64\tExecFirewallExceptions\t",
-                "CustomAction:Wix4SchedFirewallExceptionsInstall_A64\t1\tWix4FWCA_A64\tSchedFirewallExceptionsInstall\t",
+                "CustomAction:Wix5SchedFirewallExceptionsInstall_A64\t1\tWix5FWCA_A64\tSchedFirewallExceptionsInstall\t",
-                "CustomAction:Wix4SchedFirewallExceptionsUninstall_A64\t1\tWix4FWCA_A64\tSchedFirewallExceptionsUninstall\t",
+                "CustomAction:Wix5SchedFirewallExceptionsUninstall_A64\t1\tWix5FWCA_A64\tSchedFirewallExceptionsUninstall\t",
-                "Wix4FirewallException:ExampleFirewall\tExampleApp\t*\t42\t6\t[#filNdJBJmq3UCUIwmXS8x21aAsvqzk]\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tAn app-based firewall exception\t1",
+                "Wix5FirewallException:ExampleFirewall\tExampleApp\t*\t42\t6\t[#filNdJBJmq3UCUIwmXS8x21aAsvqzk]\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tAn app-based firewall exception\t1",
-                "Wix4FirewallException:fex70IVsYNnbwiHQrEepmdTPKH8XYs\tExamplePort\tLocalSubnet\t42\t6\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tA port-based firewall exception\t2",
+                "Wix5FirewallException:fex_ZpDsnKyHlYiA24JHzvFxm3uLZ8\tExampleDefaultGatewayScope\tDefaultGateway\t4432\t6\t\t0\t2\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tdefaultGateway scope firewall exception\t1",
+                "Wix5FirewallException:fex6bkfWwpiRGI.wVFx0T7W4LXIHxU\tExampleDHCPScope\tdhcp\t\t211\ttest.exe\t0\t4\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tDHCP scope firewall exception\t1",
+                "Wix5FirewallException:fex70IVsYNnbwiHQrEepmdTPKH8XYs\tExamplePort\tLocalSubnet\t42\t6\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tA port-based firewall exception\t2",
+                "Wix5FirewallException:fexXxaXCXXFh.UxO_BjmZxi1B1du_Q\tExampleWINSScope\twins\t6573\t6\t\t0\t1\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tWINS scope firewall exception\t1",
+                "Wix5FirewallException:fexxY71H2ZBkPalv7uid1Yy4qaA_lA\tExampleDNSScope\tdns\t356\t17\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tDNS scope firewall exception\t1",
            }, results);
        }
@@ -71,8 +79,17 @@ namespace WixToolsetTest.Firewall
            {
                "FirewallException",
                "FirewallException",
+                "FirewallException",
+                "FirewallException",
+                "FirewallException",
+                "FirewallException",
            }, actual.Select(a => a.Name).ToArray());
+        }
+        [Fact]
+        public void RoundtripAttributesAreCorrectForApp()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleApp");
            WixAssert.CompareLineByLine(new[]
            {
                "Id=ExampleFirewall",
@@ -85,8 +102,13 @@ namespace WixToolsetTest.Firewall
                "Description=An app-based firewall exception",
                "Outbound=no",
                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
-            }, actual[0].Attributes);
+            }, actual.Attributes);
+        }
+        [Fact]
+        public void RoundtripAttributesAreCorrectForPort()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExamplePort");
            WixAssert.CompareLineByLine(new[]
            {
                "Id=fex70IVsYNnbwiHQrEepmdTPKH8XYs",
@@ -98,7 +120,79 @@ namespace WixToolsetTest.Firewall
                "Description=A port-based firewall exception",
                "Outbound=yes",
                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
-            }, actual[1].Attributes);
+            }, actual.Attributes);
+        }
+        [Fact]
+        public void RoundtripAttributesAreCorrectForDNSScope()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleDNSScope");
+            WixAssert.CompareLineByLine(new[]
+            {
+                "Id=fexxY71H2ZBkPalv7uid1Yy4qaA_lA",
+                "Name=ExampleDNSScope",
+                "Scope=DNS",
+                "Port=356",
+                "Protocol=udp",
+                "Profile=all",
+                "Description=DNS scope firewall exception",
+                "Outbound=no",
+                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
+            }, actual.Attributes);
+        }
+        [Fact]
+        public void RoundtripAttributesAreCorrectForDHCPScope()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleDHCPScope");
+            WixAssert.CompareLineByLine(new[]
+            {
+                "Id=fex6bkfWwpiRGI.wVFx0T7W4LXIHxU",
+                "Name=ExampleDHCPScope",
+                "Scope=DHCP",
+                "Protocol=211",
+                "Program=test.exe",
+                "Profile=public",
+                "Description=DHCP scope firewall exception",
+                "Outbound=no",
+                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall"
+            }, actual.Attributes);
+        }
+        [Fact]
+        public void RoundtripAttributesAreCorrectForWINSScope()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleWINSScope");
+            WixAssert.CompareLineByLine(new[]
+            {
+                "Id=fexXxaXCXXFh.UxO_BjmZxi1B1du_Q",
+                "Name=ExampleWINSScope",
+                "Scope=WINS",
+                "Port=6573",
+                "Protocol=tcp",
+                "Profile=domain",
+                "Description=WINS scope firewall exception",
+                "Outbound=no",
+                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
+            }, actual.Attributes);
+        }
+        [Fact]
+        public void RoundtripAttributesAreCorrectForDefaultGatewayScope()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleDefaultGatewayScope");
+            WixAssert.CompareLineByLine(new[]
+            {
+                "Id=fex_ZpDsnKyHlYiA24JHzvFxm3uLZ8",
+                "Name=ExampleDefaultGatewayScope",
+                "Scope=defaultGateway",
+                "Port=4432",
+                "Protocol=tcp",
+                "Profile=private",
+                "Description=defaultGateway scope firewall exception",
+                "Outbound=no",
+                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
+            }, actual.Attributes);
        }
        private static void Build(string[] args)
@@ -122,5 +216,31 @@ namespace WixToolsetTest.Firewall
            var result = WixRunner.Execute(args);
            result.AssertSuccess();
        }
+        class AttributeVerifier
+        {
+            public string Name { get; set; }
+            public string[] Attributes { get; set; }
+        }
+        private static AttributeVerifier BuildAndDecompileAndBuild(string nameSpace, string ruleName)
+        {
+            var folder = TestData.Get(@"TestData", "UsingFirewall");
+            var build = new Builder(folder, typeof(FirewallExtensionFactory), new[] { folder });
+            var output = Path.Combine(folder, $"Firewall{ruleName}.xml");
+            build.BuildAndDecompileAndBuild(Build, Decompile, output);
+            var doc = XDocument.Load(output);
+            var actual = doc.Descendants()
+                .Where(e => e.Name.Namespace == nameSpace)
+                .Select(fe => new AttributeVerifier
+                {
+                    Name = fe.Attributes().Single(a => a.Name.LocalName == "Name").Value,
+                    Attributes = fe.Attributes().Select(a => $"{a.Name.LocalName}={a.Value}").ToArray()
+                })
+                .Single(av => av.Name == ruleName);
+            return actual;
+        }
    }
 }
diff --git a/src/ext/Firewall/test/WixToolsetTest.Firewall/TestData/UsingFirewall/PackageComponents.wxs b/src/ext/Firewall/test/WixToolsetTest.Firewall/TestData/UsingFirewall/PackageComponents.wxs
index c712d895..957aa642 100644
--- a/src/ext/Firewall/test/WixToolsetTest.Firewall/TestData/UsingFirewall/PackageComponents.wxs
+++ b/src/ext/Firewall/test/WixToolsetTest.Firewall/TestData/UsingFirewall/PackageComponents.wxs
@@ -12,6 +12,10 @@
                </File>
                <fw:FirewallException Description="A port-based firewall exception" Name="ExamplePort" Port="42" Outbound="yes" Scope="localSubnet" />
+                <fw:FirewallException Description="DNS scope firewall exception" Name="ExampleDNSScope" Port="356" Protocol="udp" Scope="DNS" />
+                <fw:FirewallException Description="DHCP scope firewall exception" Name="ExampleDHCPScope" Program="test.exe" Protocol="211" Scope="DHCP" Profile="public" />
+                <fw:FirewallException Description="WINS scope firewall exception" Name="ExampleWINSScope" Port="6573" Scope="WINS" Profile="domain"/>
+                <fw:FirewallException Description="defaultGateway scope firewall exception" Name="ExampleDefaultGatewayScope" Port="4432" Scope="defaultGateway" Profile="private" />
            </Component>
        </ComponentGroup>
    </Fragment>
diff --git a/src/ext/Firewall/wixext/FirewallCompiler.cs b/src/ext/Firewall/wixext/FirewallCompiler.cs
index 19ee0b6d..ed49ba9c 100644
--- a/src/ext/Firewall/wixext/FirewallCompiler.cs
+++ b/src/ext/Firewall/wixext/FirewallCompiler.cs
@@ -135,7 +135,12 @@ namespace WixToolset.Firewall
                                    protocol = FirewallConstants.NET_FW_IP_PROTOCOL_UDP;
                                    break;
                                default:
-                                    this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, element.Name.LocalName, "Protocol", protocolValue, "tcp", "udp"));
+                                    int parsedProtocol;
+                                    if (!Int32.TryParse(protocolValue, out parsedProtocol) || parsedProtocol > 255 || parsedProtocol < 0)
+                                    {
+                                        this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, element.Name.LocalName, "Protocol", protocolValue, "tcp", "udp", "0-255"));
+                                    }
+                                    protocol = parsedProtocol;
                                    break;
                            }
                            break;
@@ -149,8 +154,20 @@ namespace WixToolset.Firewall
                                case "localSubnet":
                                    remoteAddresses = "LocalSubnet";
                                    break;
+                                case "DNS":
+                                    remoteAddresses = "dns";
+                                    break;
+                                case "DHCP":
+                                    remoteAddresses = "dhcp";
+                                    break;
+                                case "WINS":
+                                    remoteAddresses = "wins";
+                                    break;
+                                case "defaultGateway":
+                                    remoteAddresses = "DefaultGateway";
+                                    break;
                                default:
-                                    this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, element.Name.LocalName, "Scope", scope, "any", "localSubnet"));
+                                    this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, element.Name.LocalName, "Scope", scope, "any", "localSubnet", "DNS", "DHCP", "WINS", "defaultGateway"));
                                    break;
                            }
                            break;
@@ -251,6 +268,21 @@ namespace WixToolset.Firewall
                this.Messaging.Write(FirewallErrors.NoExceptionSpecified(sourceLineNumbers));
            }
+            // Ports can only be specified if the protocol is TCP or UDP.
+            if (!String.IsNullOrEmpty(port) && protocol.HasValue)
+            {
+                switch(protocol.Value)
+                {
+                    case FirewallConstants.NET_FW_IP_PROTOCOL_TCP:
+                    case FirewallConstants.NET_FW_IP_PROTOCOL_UDP:
+                        break;
+                    default:
+                        this.Messaging.Write(ErrorMessages.IllegalAttributeWithOtherAttribute(sourceLineNumbers, element.Name.LocalName, "Port", "Protocol", protocol.Value.ToString()));
+                        break;
+                }
+            }
            if (!this.Messaging.EncounteredError)
            {
                // at this point, File attribute and File parent element are treated the same
@@ -300,8 +332,8 @@ namespace WixToolset.Firewall
                    symbol.Attributes = attributes;
                }
-                this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix4SchedFirewallExceptionsInstall", this.Context.Platform, CustomActionPlatforms.ARM64 | CustomActionPlatforms.X64 | CustomActionPlatforms.X86);
+                this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix5SchedFirewallExceptionsInstall", this.Context.Platform, CustomActionPlatforms.ARM64 | CustomActionPlatforms.X64 | CustomActionPlatforms.X86);
-                this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix4SchedFirewallExceptionsUninstall", this.Context.Platform, CustomActionPlatforms.ARM64 | CustomActionPlatforms.X64 | CustomActionPlatforms.X86);
+                this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix5SchedFirewallExceptionsUninstall", this.Context.Platform, CustomActionPlatforms.ARM64 | CustomActionPlatforms.X64 | CustomActionPlatforms.X86);
            }
        }
diff --git a/src/ext/Firewall/wixext/FirewallDecompiler.cs b/src/ext/Firewall/wixext/FirewallDecompiler.cs
index 69f2c3f4..9ddd8a9a 100644
--- a/src/ext/Firewall/wixext/FirewallDecompiler.cs
+++ b/src/ext/Firewall/wixext/FirewallDecompiler.cs
@@ -32,7 +32,7 @@ namespace WixToolset.Firewall
        {
            switch (table.Name)
            {
-                case "Wix4FirewallException":
+                case "Wix5FirewallException":
                    this.DecompileWixFirewallExceptionTable(table);
                    break;
                default:
@@ -69,18 +69,29 @@ namespace WixToolset.Firewall
                    string[] addresses = ((string)row[2]).Split(',');
                    if (addresses.Length == 1)
                    {
-                        // special-case the Scope attribute values
+                        switch(addresses[0])
-                        if (addresses[0] == "*")
                        {
-                            firewallException.Add(new XAttribute("Scope", "any"));
+                            case "*":
-                        }
+                                firewallException.Add(new XAttribute("Scope", "any"));
-                        else if (addresses[0] == "LocalSubnet")
+                                break;
-                        {
+                            case "LocalSubnet":
-                            firewallException.Add(new XAttribute("Scope", "localSubnet"));
+                                firewallException.Add(new XAttribute("Scope", "localSubnet"));
-                        }
+                                break;
-                        else
+                            case "dns":
-                        {
+                                firewallException.Add(new XAttribute("Scope", "DNS"));
-                            FirewallDecompiler.AddRemoteAddress(firewallException, addresses[0]);
+                                break;
+                            case "dhcp":
+                                firewallException.Add(new XAttribute("Scope", "DHCP"));
+                                break;
+                            case "wins":
+                                firewallException.Add(new XAttribute("Scope", "WINS"));
+                                break;
+                            case "DefaultGateway":
+                                firewallException.Add(new XAttribute("Scope", "defaultGateway"));
+                                break;
+                            default:
+                                FirewallDecompiler.AddRemoteAddress(firewallException, addresses[0]);
+                                break;
                        }
                    }
                    else
@@ -107,6 +118,9 @@ namespace WixToolset.Firewall
                        case FirewallConstants.NET_FW_IP_PROTOCOL_UDP:
                            firewallException.Add(new XAttribute("Protocol", "udp"));
                            break;
+                        default:
+                            firewallException.Add(new XAttribute("Protocol", row[4]));
+                            break;
                    }
                }
@@ -183,7 +197,7 @@ namespace WixToolset.Firewall
        /// <param name="tables">Collection of all tables.</param>
        private void FinalizeFirewallExceptionTable(TableIndexedCollection tables)
        {
-            if (tables.TryGetTable("Wix4FirewallException", out var firewallExceptionTable))
+            if (tables.TryGetTable("Wix5FirewallException", out var firewallExceptionTable))
            {
                foreach (var row in firewallExceptionTable.Rows)
                {
diff --git a/src/ext/Firewall/wixext/FirewallTableDefinitions.cs b/src/ext/Firewall/wixext/FirewallTableDefinitions.cs
index 04918f5f..26dedbf1 100644
--- a/src/ext/Firewall/wixext/FirewallTableDefinitions.cs
+++ b/src/ext/Firewall/wixext/FirewallTableDefinitions.cs
@@ -7,15 +7,15 @@ namespace WixToolset.Firewall
    public static class FirewallTableDefinitions
    {
        public static readonly TableDefinition WixFirewallException = new TableDefinition(
-            "Wix4FirewallException",
+            "Wix5FirewallException",
            FirewallSymbolDefinitions.WixFirewallException,
            new[]
            {
-                new ColumnDefinition("Wix4FirewallException", ColumnType.String, 72, primaryKey: true, nullable: false, ColumnCategory.Identifier, description: "The primary key, a non-localized token.", modularizeType: ColumnModularizeType.Column),
+                new ColumnDefinition("Wix5FirewallException", ColumnType.String, 72, primaryKey: true, nullable: false, ColumnCategory.Identifier, description: "The primary key, a non-localized token.", modularizeType: ColumnModularizeType.Column),
                new ColumnDefinition("Name", ColumnType.Localized, 255, primaryKey: false, nullable: true, ColumnCategory.Formatted, description: "Localizable display name.", modularizeType: ColumnModularizeType.Property),
                new ColumnDefinition("RemoteAddresses", ColumnType.String, 0, primaryKey: false, nullable: false, ColumnCategory.Formatted, description: "Remote address to accept incoming connections from.", modularizeType: ColumnModularizeType.Property),
                new ColumnDefinition("Port", ColumnType.String, 0, primaryKey: false, nullable: true, ColumnCategory.Formatted, minValue: 1, description: "Port number.", modularizeType: ColumnModularizeType.Property),
-                new ColumnDefinition("Protocol", ColumnType.Number, 1, primaryKey: false, nullable: true, ColumnCategory.Integer, minValue: 6, maxValue: 17, description: "Protocol (6=TCP; 17=UDP)."),
+                new ColumnDefinition("Protocol", ColumnType.Number, 1, primaryKey: false, nullable: true, ColumnCategory.Integer, minValue: 0, maxValue: 255, description: "Protocol (6=TCP; 17=UDP). https://www.iana.org/assignments/protocol-numbers"),
                new ColumnDefinition("Program", ColumnType.String, 255, primaryKey: false, nullable: true, ColumnCategory.Formatted, description: "Exception for a program (formatted path name).", modularizeType: ColumnModularizeType.Property),
                new ColumnDefinition("Attributes", ColumnType.Number, 4, primaryKey: false, nullable: true, ColumnCategory.Unknown, description: "Vital=1"),
                new ColumnDefinition("Profile", ColumnType.Number, 4, primaryKey: false, nullable: false, ColumnCategory.Integer, minValue: 1, maxValue: 2147483647, description: "Profile (1=domain; 2=private; 4=public; 2147483647=all)."),
diff --git a/src/ext/Firewall/wixlib/FirewallExtension_Platform.wxi b/src/ext/Firewall/wixlib/FirewallExtension_Platform.wxi
index ae02bcd0..736a54b0 100644
--- a/src/ext/Firewall/wixlib/FirewallExtension_Platform.wxi
+++ b/src/ext/Firewall/wixlib/FirewallExtension_Platform.wxi
@@ -6,32 +6,32 @@
    <Fragment>
        <UIRef Id="WixFirewallErrors" />
        <UI>
-            <ProgressText Action="$(var.Prefix)SchedFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixSchedFirewallExceptionsInstall)" />
+            <ProgressText Action="$(var.Prefix5)SchedFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixSchedFirewallExceptionsInstall)" />
-            <ProgressText Action="$(var.Prefix)SchedFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixSchedFirewallExceptionsUninstall)" />
+            <ProgressText Action="$(var.Prefix5)SchedFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixSchedFirewallExceptionsUninstall)" />
-            <ProgressText Action="$(var.Prefix)RollbackFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixRollbackFirewallExceptionsInstall)" />
+            <ProgressText Action="$(var.Prefix5)RollbackFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixRollbackFirewallExceptionsInstall)" />
-            <ProgressText Action="$(var.Prefix)ExecFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixExecFirewallExceptionsInstall)" />
+            <ProgressText Action="$(var.Prefix5)ExecFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixExecFirewallExceptionsInstall)" />
-            <ProgressText Action="$(var.Prefix)RollbackFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixRollbackFirewallExceptionsUninstall)" />
+            <ProgressText Action="$(var.Prefix5)RollbackFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixRollbackFirewallExceptionsUninstall)" />
-            <ProgressText Action="$(var.Prefix)ExecFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixExecFirewallExceptionsUninstall)" />
+            <ProgressText Action="$(var.Prefix5)ExecFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixExecFirewallExceptionsUninstall)" />
        </UI>
-        <CustomAction Id="$(var.Prefix)SchedFirewallExceptionsInstall$(var.Suffix)" DllEntry="SchedFirewallExceptionsInstall" Execute="immediate" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)SchedFirewallExceptionsInstall$(var.Suffix)" DllEntry="SchedFirewallExceptionsInstall" Execute="immediate" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)SchedFirewallExceptionsUninstall$(var.Suffix)" DllEntry="SchedFirewallExceptionsUninstall" Execute="immediate" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)SchedFirewallExceptionsUninstall$(var.Suffix)" DllEntry="SchedFirewallExceptionsUninstall" Execute="immediate" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)RollbackFirewallExceptionsInstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="rollback" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)RollbackFirewallExceptionsInstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="rollback" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)ExecFirewallExceptionsInstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="deferred" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)ExecFirewallExceptionsInstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="deferred" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)RollbackFirewallExceptionsUninstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="rollback" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)RollbackFirewallExceptionsUninstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="rollback" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)ExecFirewallExceptionsUninstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="deferred" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)ExecFirewallExceptionsUninstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="deferred" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
        <!--
-            We need the firewall on Windows XP SP2 or later.
+            We need the firewall on Windows Vista or later.
        -->
        <InstallExecuteSequence>
-            <Custom Action="$(var.Prefix)SchedFirewallExceptionsUninstall$(var.Suffix)" Before="RemoveFiles" Overridable="yes" Condition="VersionNT &gt;= 600 OR (VersionNT &gt;= 501 AND ((MsiNTProductType = 1 AND ServicePackLevel &gt;= 2) OR (MsiNTProductType &gt; 1 AND ServicePackLevel &gt;= 1)))" />
+            <Custom Action="$(var.Prefix5)SchedFirewallExceptionsUninstall$(var.Suffix)" Before="RemoveFiles" Overridable="yes" Condition="VersionNT &gt;= 600" />
-            <Custom Action="$(var.Prefix)SchedFirewallExceptionsInstall$(var.Suffix)" After="InstallFiles" Overridable="yes" Condition="VersionNT &gt;= 600 OR (VersionNT &gt;= 501 AND ((MsiNTProductType = 1 AND ServicePackLevel &gt;= 2) OR (MsiNTProductType &gt; 1 AND ServicePackLevel &gt;= 1)))" />
+            <Custom Action="$(var.Prefix5)SchedFirewallExceptionsInstall$(var.Suffix)" After="InstallFiles" Overridable="yes" Condition="VersionNT &gt;= 600" />
        </InstallExecuteSequence>
    </Fragment>
    <!-- Firewall Custom Action DLL Definitions -->
    <Fragment>
-        <Binary Id="$(var.Prefix)FWCA$(var.Suffix)" SourceFile="!(bindpath.$(var.platform))fwca.dll" />
+        <Binary Id="$(var.Prefix5)FWCA$(var.Suffix)" SourceFile="!(bindpath.$(var.platform))fwca.dll" />
    </Fragment>
 </Include>
diff --git a/src/ext/caDecor.h b/src/ext/caDecor.h
index da274650..060032cf 100644
--- a/src/ext/caDecor.h
+++ b/src/ext/caDecor.h
@@ -11,3 +11,13 @@
 #else
 #define CUSTOM_ACTION_DECORATION(f) L"Wix4" f L"_X86"
 #endif
+#if defined(_M_ARM64)
+#define CUSTOM_ACTION_DECORATION5(f) L"Wix5" f L"_A64"
+#elif defined(_M_AMD64)
+#define CUSTOM_ACTION_DECORATION5(f) L"Wix5" f L"_X64"
+#elif defined(_M_ARM)
+#define CUSTOM_ACTION_DECORATION5(f) L"Wix5" f L"_ARM"
+#else
+#define CUSTOM_ACTION_DECORATION5(f) L"Wix5" f L"_X86"
+#endif
diff --git a/src/ext/caDecor.wxi b/src/ext/caDecor.wxi
index b1711518..256d7586 100644
--- a/src/ext/caDecor.wxi
+++ b/src/ext/caDecor.wxi
@@ -8,6 +8,12 @@
    <?define Prefix="Wix4" ?>
+    <?ifdef Prefix5 ?>
+        <?undef Prefix5 ?>
+    <?endif?>
+    <?define Prefix5="Wix5" ?>
    <?ifndef platform ?>
        <?define platform="x86" ?>
    <?endif?>
diff --git a/src/test/msi/TestData/FirewallExtensionTests/ProtocolRules/ProtocolRules.wixproj b/src/test/msi/TestData/FirewallExtensionTests/ProtocolRules/ProtocolRules.wixproj
new file mode 100644
index 00000000..b1770b0f
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/ProtocolRules/ProtocolRules.wixproj
@@ -0,0 +1,13 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Project Sdk="WixToolset.Sdk">
+  <PropertyGroup>
+    <UpgradeCode>{4D188568-1CCF-4EEE-BC27-17C3DCC83E58}</UpgradeCode>
+    <ProductComponentsRef>true</ProductComponentsRef>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="..\..\Templates\Product.wxs" Link="Product.wxs" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="WixToolset.Firewall.wixext" />
+  </ItemGroup>
+</Project>
+\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/ProtocolRules/product.wxs b/src/test/msi/TestData/FirewallExtensionTests/ProtocolRules/product.wxs
new file mode 100644
index 00000000..6a28ad0a
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/ProtocolRules/product.wxs
@@ -0,0 +1,23 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:fw="http://wixtoolset.org/schemas/v4/wxs/firewall">
+    <Fragment>
+        <ComponentGroup Id="ProductComponents">
+            <ComponentRef Id="FirewallComponent1"/>
+        </ComponentGroup>
+    </Fragment>
+    <Fragment>
+        <Component Id="FirewallComponent1" Guid="E465C8FE-5B81-4553-9CFC-E0CD96B9A36C" Directory="INSTALLFOLDER">
+            <fw:FirewallException Id="FirewallException09"
+                Description="WiX Toolset firewall exception rule integration test - protocol TCP"
+                Name="WiXToolset401 Test - 0009" Protocol="tcp" Port="900" Scope="any" />
+            <fw:FirewallException Id="FirewallException10"
+                Description="WiX Toolset firewall exception rule integration test - protocol UDP"
+                Name="WiXToolset401 Test - 0010" Protocol="udp" Port="1000" Scope="any" />
+            <fw:FirewallException Id="FirewallException11"
+                Description="WiX Toolset firewall exception rule integration test - ports can only be specified if protocol is TCP or UDP"
+                Name="WiXToolset401 Test - 0011" Protocol="134" Program="test.exe" Scope="any" />
+        </Component>
+    </Fragment>
+</Wix>
diff --git a/src/test/msi/TestData/FirewallExtensionTests/ScopeRules/ScopeRules.wixproj b/src/test/msi/TestData/FirewallExtensionTests/ScopeRules/ScopeRules.wixproj
new file mode 100644
index 00000000..b1770b0f
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/ScopeRules/ScopeRules.wixproj
@@ -0,0 +1,13 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Project Sdk="WixToolset.Sdk">
+  <PropertyGroup>
+    <UpgradeCode>{4D188568-1CCF-4EEE-BC27-17C3DCC83E58}</UpgradeCode>
+    <ProductComponentsRef>true</ProductComponentsRef>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="..\..\Templates\Product.wxs" Link="Product.wxs" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="WixToolset.Firewall.wixext" />
+  </ItemGroup>
+</Project>
+\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/ScopeRules/product.wxs b/src/test/msi/TestData/FirewallExtensionTests/ScopeRules/product.wxs
new file mode 100644
index 00000000..776c8675
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/ScopeRules/product.wxs
@@ -0,0 +1,33 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:fw="http://wixtoolset.org/schemas/v4/wxs/firewall">
+    <Fragment>
+        <ComponentGroup Id="ProductComponents">
+            <ComponentRef Id="FirewallComponent1"/>
+        </ComponentGroup>
+    </Fragment>
+    <Fragment>
+        <Component Id="FirewallComponent1" Guid="515AEDF0-A656-4006-8CE5-848ECCC680BD" Directory="INSTALLFOLDER">
+            <fw:FirewallException Id="FirewallException12"
+                Description="WiX Toolset firewall exception rule integration test - scope any"
+                Name="WiXToolset401 Test - 0012" Scope="any" Port="1200" />
+            <fw:FirewallException Id="FirewallException13"
+                Description="WiX Toolset firewall exception rule integration test - scope local subnet"
+                Name="WiXToolset401 Test - 0013" Scope="localSubnet" Port="1300" />
+            <fw:FirewallException Id="FirewallException14"
+                Description="WiX Toolset firewall exception rule integration test - scope DNS"
+                Name="WiXToolset401 Test - 0014" Scope="DNS" Port="1400" />
+            <fw:FirewallException Id="FirewallException15"
+                Description="WiX Toolset firewall exception rule integration test - scope DHCP"
+                Name="WiXToolset401 Test - 0015" Scope="DHCP" Port="1500" />
+            <fw:FirewallException Id="FirewallException16"
+                Description="WiX Toolset firewall exception rule integration test - scope WINS"
+                Name="WiXToolset401 Test - 0016" Scope="WINS" Port="1600"  />
+            <fw:FirewallException Id="FirewallException17"
+                Description="WiX Toolset firewall exception rule integration test - scope default gateway"
+                Name="WiXToolset401 Test - 0017" Scope="defaultGateway" Port="1700"  />
+        </Component>
+    </Fragment>
+</Wix>
diff --git a/src/test/msi/WixToolsetTest.MsiE2E/FirewallExtensionTests.cs b/src/test/msi/WixToolsetTest.MsiE2E/FirewallExtensionTests.cs
index 4106cd72..ce55aa14 100644
--- a/src/test/msi/WixToolsetTest.MsiE2E/FirewallExtensionTests.cs
+++ b/src/test/msi/WixToolsetTest.MsiE2E/FirewallExtensionTests.cs
@@ -315,5 +315,222 @@ namespace WixToolsetTest.MsiE2E
            var log2 = product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS, "NORULENAME=1");
            Assert.True(LogVerifier.MessageInLogFile(log2, "failed to remove firewall rule"));
        }
+        [RuntimeFact]
+        public void VarietyOfProtocolValuesCanBeUsed()
+        {
+            var product = this.CreatePackageInstaller("ProtocolRules");
+            product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+            var expected1 = new RuleDetails("WiXToolset401 Test - 0009")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - protocol TCP",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                SecureFlags = 0,
+                LocalPorts = "900",
+                RemotePorts = "*",
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0009", expected1);
+            var expected2 = new RuleDetails("WiXToolset401 Test - 0010")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - protocol UDP",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 17,
+                RemoteAddresses = "*",
+                SecureFlags = 0,
+                LocalPorts = "1000",
+                RemotePorts = "*",
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0010", expected2);
+            var expected3 = new RuleDetails("WiXToolset401 Test - 0011")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                ApplicationName = "test.exe",
+                Description = "WiX Toolset firewall exception rule integration test - ports can only be specified if protocol is TCP or UDP",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = true,
+                EdgeTraversalOptions = 1,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 134,
+                RemoteAddresses = "*",
+                SecureFlags = 0,
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0011", expected3);
+            product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+            // verify the firewall exceptions have been removed.
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0009"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0010"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0011"));
+        }
+        [RuntimeFact]
+        public void FullSetOfScopeValuesCanBeUsed()
+        {
+            var product = this.CreatePackageInstaller("ScopeRules");
+            product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+            var expected1 = new RuleDetails("WiXToolset401 Test - 0012")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - scope any",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                SecureFlags = 0,
+                LocalPorts = "1200",
+                RemotePorts = "*",
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0012", expected1);
+            var expected2 = new RuleDetails("WiXToolset401 Test - 0013")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - scope local subnet",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "LocalSubnet",
+                SecureFlags = 0,
+                LocalPorts = "1300",
+                RemotePorts = "*",
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0013", expected2);
+            var expected3 = new RuleDetails("WiXToolset401 Test - 0014")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - scope DNS",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "DNS",
+                SecureFlags = 0,
+                LocalPorts = "1400",
+                RemotePorts = "*",
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0014", expected3);
+            var expected4 = new RuleDetails("WiXToolset401 Test - 0015")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - scope DHCP",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "DHCP",
+                SecureFlags = 0,
+                LocalPorts = "1500",
+                RemotePorts = "*",
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0015", expected4);
+            var expected5 = new RuleDetails("WiXToolset401 Test - 0016")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - scope WINS",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "WINS",
+                SecureFlags = 0,
+                LocalPorts = "1600",
+                RemotePorts = "*",
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0016", expected5);
+            var expected6 = new RuleDetails("WiXToolset401 Test - 0017")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - scope default gateway",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "DefaultGateway",
+                SecureFlags = 0,
+                LocalPorts = "1700",
+                RemotePorts = "*",
+            };
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0017", expected6);
+            product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+            // verify the firewall exceptions have been removed.
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0012"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0013"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0014"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0015"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0016"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0017"));
+        }
    }
 }
diff --git a/src/wix/WixToolset.Converters/WixConverter.cs b/src/wix/WixToolset.Converters/WixConverter.cs
index f3675ecc..178b90be 100644
--- a/src/wix/WixToolset.Converters/WixConverter.cs
+++ b/src/wix/WixToolset.Converters/WixConverter.cs
@@ -205,8 +205,8 @@ namespace WixToolset.Converters
            { "WixDependencyRequire", "Wix4DependencyRequire_<PlatformSuffix>" },
            { "WixDependencyCheck", "Wix4DependencyCheck_<PlatformSuffix>" },
            { "WixQueryDirectXCaps", "Wix4QueryDirectXCaps_<PlatformSuffix>" },
-            { "WixSchedFirewallExceptionsUninstall", "Wix4SchedFirewallExceptionsUninstall_<PlatformSuffix>" },
+            { "WixSchedFirewallExceptionsUninstall", "Wix5SchedFirewallExceptionsUninstall_<PlatformSuffix>" },
-            { "WixSchedFirewallExceptionsInstall", "Wix4SchedFirewallExceptionsInstall_<PlatformSuffix>" },
+            { "WixSchedFirewallExceptionsInstall", "Wix5SchedFirewallExceptionsInstall_<PlatformSuffix>" },
            { "WixSchedHttpUrlReservationsUninstall", "Wix4SchedHttpUrlReservationsUninstall_<PlatformSuffix>" },
            { "WixSchedHttpUrlReservationsInstall", "Wix4SchedHttpUrlReservationsInstall_<PlatformSuffix>" },
            { "ConfigureIIs", "Wix4ConfigureIIs_<PlatformSuffix>" },
author	chris_bednarski <Chris.Bednarski@minfos.com.au>	2023-08-26 18:51:38 +1000
committer	Bob Arnson <github@bobs.org>	2023-11-19 12:17:13 -0500
commit	80e604761b4f43b9b79a4878fcae360b071a7c35 (patch)
tree	9ca40a1d60a2ef1a5a1a426382356ae8b7cf9868
parent	6e974490eeabc9a3728aa2fb9ad07e8a5adf4fb6 (diff)
download	wix-80e604761b4f43b9b79a4878fcae360b071a7c35.tar.gz wix-80e604761b4f43b9b79a4878fcae360b071a7c35.tar.bz2 wix-80e604761b4f43b9b79a4878fcae360b071a7c35.zip