From 80e604761b4f43b9b79a4878fcae360b071a7c35 Mon Sep 17 00:00:00 2001
From: chris_bednarski <Chris.Bednarski@minfos.com.au>
Date: Sat, 26 Aug 2023 18:51:38 +1000
Subject: change firewall extension table name to Wix5FirewallException

---
 src/ext/Firewall/ca/firewall.cpp                   |  18 +--
 .../FirewallExtensionFixture.cs                    | 160 ++++++++++++++++++---
 .../TestData/UsingFirewall/PackageComponents.wxs   |   4 +
 src/ext/Firewall/wixext/FirewallCompiler.cs        |  40 +++++-
 src/ext/Firewall/wixext/FirewallDecompiler.cs      |  40 ++++--
 .../Firewall/wixext/FirewallTableDefinitions.cs    |   6 +-
 .../Firewall/wixlib/FirewallExtension_Platform.wxi |  32 ++---
 src/ext/caDecor.h                                  |  10 ++
 src/ext/caDecor.wxi                                |   6 +
 9 files changed, 251 insertions(+), 65 deletions(-)

(limited to 'src/ext')

diff --git a/src/ext/Firewall/ca/firewall.cpp b/src/ext/Firewall/ca/firewall.cpp
index 2a1ef825..eed6f9df 100644
--- a/src/ext/Firewall/ca/firewall.cpp
+++ b/src/ext/Firewall/ca/firewall.cpp
@@ -3,7 +3,7 @@
 #include "precomp.h"
 
 LPCWSTR vcsFirewallExceptionQuery =
-    L"SELECT `Name`, `RemoteAddresses`, `Port`, `Protocol`, `Program`, `Attributes`, `Profile`, `Component_`, `Description`, `Direction` FROM `Wix4FirewallException`";
+    L"SELECT `Name`, `RemoteAddresses`, `Port`, `Protocol`, `Program`, `Attributes`, `Profile`, `Component_`, `Description`, `Direction` FROM `Wix5FirewallException`";
 enum eFirewallExceptionQuery { feqName = 1, feqRemoteAddresses, feqPort, feqProtocol, feqProgram, feqAttributes, feqProfile, feqComponent, feqDescription, feqDirection };
 enum eFirewallExceptionTarget { fetPort = 1, fetApplication, fetUnknown };
 enum eFirewallExceptionAttributes { feaIgnoreFailures = 1 };
@@ -49,15 +49,15 @@ static UINT SchedFirewallExceptions(
     ExitOnFailure(hr, "Failed to initialize");
 
     // anything to do?
-    if (S_OK != WcaTableExists(L"Wix4FirewallException"))
+    if (S_OK != WcaTableExists(L"Wix5FirewallException"))
     {
-        WcaLog(LOGMSG_STANDARD, "Wix4FirewallException table doesn't exist, so there are no firewall exceptions to configure.");
+        WcaLog(LOGMSG_STANDARD, "Wix5FirewallException table doesn't exist, so there are no firewall exceptions to configure.");
         ExitFunction();
     }
 
     // query and loop through all the firewall exceptions
     hr = WcaOpenExecuteView(vcsFirewallExceptionQuery, &hView);
-    ExitOnFailure(hr, "Failed to open view on Wix4FirewallException table");
+    ExitOnFailure(hr, "Failed to open view on Wix5FirewallException table");
 
     while (S_OK == (hr = WcaFetchRecord(hView, &hRec)))
     {
@@ -150,7 +150,7 @@ static UINT SchedFirewallExceptions(
     {
         hr = S_OK;
     } 
-    ExitOnFailure(hr, "failure occured while processing Wix4FirewallException table");
+    ExitOnFailure(hr, "failure occured while processing Wix5FirewallException table");
 
     // schedule ExecFirewallExceptions if there's anything to do
     if (pwzCustomActionData && *pwzCustomActionData)
@@ -159,16 +159,16 @@ static UINT SchedFirewallExceptions(
 
         if (WCA_TODO_INSTALL == todoSched)
         {
-            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"RollbackFirewallExceptionsInstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
+            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION5(L"RollbackFirewallExceptionsInstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
             ExitOnFailure(hr, "failed to schedule firewall install exceptions rollback");            
-            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"ExecFirewallExceptionsInstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
+            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION5(L"ExecFirewallExceptionsInstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
             ExitOnFailure(hr, "failed to schedule firewall install exceptions execution");
         }
         else
         {
-            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"RollbackFirewallExceptionsUninstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
+            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION5(L"RollbackFirewallExceptionsUninstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
             ExitOnFailure(hr, "failed to schedule firewall uninstall exceptions rollback");    
-            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"ExecFirewallExceptionsUninstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
+            hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION5(L"ExecFirewallExceptionsUninstall"), pwzCustomActionData, cFirewallExceptions * COST_FIREWALL_EXCEPTION);
             ExitOnFailure(hr, "failed to schedule firewall uninstall exceptions execution");
         }
     }
diff --git a/src/ext/Firewall/test/WixToolsetTest.Firewall/FirewallExtensionFixture.cs b/src/ext/Firewall/test/WixToolsetTest.Firewall/FirewallExtensionFixture.cs
index 06a877f6..7119e92d 100644
--- a/src/ext/Firewall/test/WixToolsetTest.Firewall/FirewallExtensionFixture.cs
+++ b/src/ext/Firewall/test/WixToolsetTest.Firewall/FirewallExtensionFixture.cs
@@ -18,17 +18,21 @@ namespace WixToolsetTest.Firewall
             var folder = TestData.Get(@"TestData\UsingFirewall");
             var build = new Builder(folder, typeof(FirewallExtensionFactory), new[] { folder });
 
-            var results = build.BuildAndQuery(Build, "Wix4FirewallException", "CustomAction");
+            var results = build.BuildAndQuery(Build, "Wix5FirewallException", "CustomAction");
             WixAssert.CompareLineByLine(new[]
             {
-                "CustomAction:Wix4ExecFirewallExceptionsInstall_X86\t3073\tWix4FWCA_X86\tExecFirewallExceptions\t",
-                "CustomAction:Wix4ExecFirewallExceptionsUninstall_X86\t3073\tWix4FWCA_X86\tExecFirewallExceptions\t",
-                "CustomAction:Wix4RollbackFirewallExceptionsInstall_X86\t3329\tWix4FWCA_X86\tExecFirewallExceptions\t",
-                "CustomAction:Wix4RollbackFirewallExceptionsUninstall_X86\t3329\tWix4FWCA_X86\tExecFirewallExceptions\t",
-                "CustomAction:Wix4SchedFirewallExceptionsInstall_X86\t1\tWix4FWCA_X86\tSchedFirewallExceptionsInstall\t",
-                "CustomAction:Wix4SchedFirewallExceptionsUninstall_X86\t1\tWix4FWCA_X86\tSchedFirewallExceptionsUninstall\t",
-                "Wix4FirewallException:ExampleFirewall\tExampleApp\t*\t42\t6\t[#filNdJBJmq3UCUIwmXS8x21aAsvqzk]\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tAn app-based firewall exception\t1",
-                "Wix4FirewallException:fex70IVsYNnbwiHQrEepmdTPKH8XYs\tExamplePort\tLocalSubnet\t42\t6\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tA port-based firewall exception\t2",
+                "CustomAction:Wix5ExecFirewallExceptionsInstall_X86\t3073\tWix5FWCA_X86\tExecFirewallExceptions\t",
+                "CustomAction:Wix5ExecFirewallExceptionsUninstall_X86\t3073\tWix5FWCA_X86\tExecFirewallExceptions\t",
+                "CustomAction:Wix5RollbackFirewallExceptionsInstall_X86\t3329\tWix5FWCA_X86\tExecFirewallExceptions\t",
+                "CustomAction:Wix5RollbackFirewallExceptionsUninstall_X86\t3329\tWix5FWCA_X86\tExecFirewallExceptions\t",
+                "CustomAction:Wix5SchedFirewallExceptionsInstall_X86\t1\tWix5FWCA_X86\tSchedFirewallExceptionsInstall\t",
+                "CustomAction:Wix5SchedFirewallExceptionsUninstall_X86\t1\tWix5FWCA_X86\tSchedFirewallExceptionsUninstall\t",
+                "Wix5FirewallException:ExampleFirewall\tExampleApp\t*\t42\t6\t[#filNdJBJmq3UCUIwmXS8x21aAsvqzk]\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tAn app-based firewall exception\t1",
+                "Wix5FirewallException:fex_ZpDsnKyHlYiA24JHzvFxm3uLZ8\tExampleDefaultGatewayScope\tDefaultGateway\t4432\t6\t\t0\t2\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tdefaultGateway scope firewall exception\t1",
+                "Wix5FirewallException:fex6bkfWwpiRGI.wVFx0T7W4LXIHxU\tExampleDHCPScope\tdhcp\t\t211\ttest.exe\t0\t4\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tDHCP scope firewall exception\t1",
+                "Wix5FirewallException:fex70IVsYNnbwiHQrEepmdTPKH8XYs\tExamplePort\tLocalSubnet\t42\t6\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tA port-based firewall exception\t2",
+                "Wix5FirewallException:fexXxaXCXXFh.UxO_BjmZxi1B1du_Q\tExampleWINSScope\twins\t6573\t6\t\t0\t1\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tWINS scope firewall exception\t1",
+                "Wix5FirewallException:fexxY71H2ZBkPalv7uid1Yy4qaA_lA\tExampleDNSScope\tdns\t356\t17\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tDNS scope firewall exception\t1",
             }, results);
         }
 
@@ -38,17 +42,21 @@ namespace WixToolsetTest.Firewall
             var folder = TestData.Get(@"TestData\UsingFirewall");
             var build = new Builder(folder, typeof(FirewallExtensionFactory), new[] { folder });
 
-            var results = build.BuildAndQuery(BuildARM64, "Wix4FirewallException", "CustomAction");
+            var results = build.BuildAndQuery(BuildARM64, "Wix5FirewallException", "CustomAction");
             WixAssert.CompareLineByLine(new[]
             {
-                "CustomAction:Wix4ExecFirewallExceptionsInstall_A64\t3073\tWix4FWCA_A64\tExecFirewallExceptions\t",
-                "CustomAction:Wix4ExecFirewallExceptionsUninstall_A64\t3073\tWix4FWCA_A64\tExecFirewallExceptions\t",
-                "CustomAction:Wix4RollbackFirewallExceptionsInstall_A64\t3329\tWix4FWCA_A64\tExecFirewallExceptions\t",
-                "CustomAction:Wix4RollbackFirewallExceptionsUninstall_A64\t3329\tWix4FWCA_A64\tExecFirewallExceptions\t",
-                "CustomAction:Wix4SchedFirewallExceptionsInstall_A64\t1\tWix4FWCA_A64\tSchedFirewallExceptionsInstall\t",
-                "CustomAction:Wix4SchedFirewallExceptionsUninstall_A64\t1\tWix4FWCA_A64\tSchedFirewallExceptionsUninstall\t",
-                "Wix4FirewallException:ExampleFirewall\tExampleApp\t*\t42\t6\t[#filNdJBJmq3UCUIwmXS8x21aAsvqzk]\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tAn app-based firewall exception\t1",
-                "Wix4FirewallException:fex70IVsYNnbwiHQrEepmdTPKH8XYs\tExamplePort\tLocalSubnet\t42\t6\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tA port-based firewall exception\t2",
+                "CustomAction:Wix5ExecFirewallExceptionsInstall_A64\t3073\tWix5FWCA_A64\tExecFirewallExceptions\t",
+                "CustomAction:Wix5ExecFirewallExceptionsUninstall_A64\t3073\tWix5FWCA_A64\tExecFirewallExceptions\t",
+                "CustomAction:Wix5RollbackFirewallExceptionsInstall_A64\t3329\tWix5FWCA_A64\tExecFirewallExceptions\t",
+                "CustomAction:Wix5RollbackFirewallExceptionsUninstall_A64\t3329\tWix5FWCA_A64\tExecFirewallExceptions\t",
+                "CustomAction:Wix5SchedFirewallExceptionsInstall_A64\t1\tWix5FWCA_A64\tSchedFirewallExceptionsInstall\t",
+                "CustomAction:Wix5SchedFirewallExceptionsUninstall_A64\t1\tWix5FWCA_A64\tSchedFirewallExceptionsUninstall\t",
+                "Wix5FirewallException:ExampleFirewall\tExampleApp\t*\t42\t6\t[#filNdJBJmq3UCUIwmXS8x21aAsvqzk]\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tAn app-based firewall exception\t1",
+                "Wix5FirewallException:fex_ZpDsnKyHlYiA24JHzvFxm3uLZ8\tExampleDefaultGatewayScope\tDefaultGateway\t4432\t6\t\t0\t2\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tdefaultGateway scope firewall exception\t1",
+                "Wix5FirewallException:fex6bkfWwpiRGI.wVFx0T7W4LXIHxU\tExampleDHCPScope\tdhcp\t\t211\ttest.exe\t0\t4\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tDHCP scope firewall exception\t1",
+                "Wix5FirewallException:fex70IVsYNnbwiHQrEepmdTPKH8XYs\tExamplePort\tLocalSubnet\t42\t6\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tA port-based firewall exception\t2",
+                "Wix5FirewallException:fexXxaXCXXFh.UxO_BjmZxi1B1du_Q\tExampleWINSScope\twins\t6573\t6\t\t0\t1\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tWINS scope firewall exception\t1",
+                "Wix5FirewallException:fexxY71H2ZBkPalv7uid1Yy4qaA_lA\tExampleDNSScope\tdns\t356\t17\t\t0\t2147483647\tfilNdJBJmq3UCUIwmXS8x21aAsvqzk\tDNS scope firewall exception\t1",
             }, results);
         }
 
@@ -71,8 +79,17 @@ namespace WixToolsetTest.Firewall
             {
                 "FirewallException",
                 "FirewallException",
+                "FirewallException",
+                "FirewallException",
+                "FirewallException",
+                "FirewallException",
             }, actual.Select(a => a.Name).ToArray());
+        }
 
+        [Fact]
+        public void RoundtripAttributesAreCorrectForApp()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleApp");
             WixAssert.CompareLineByLine(new[]
             {
                 "Id=ExampleFirewall",
@@ -85,8 +102,13 @@ namespace WixToolsetTest.Firewall
                 "Description=An app-based firewall exception",
                 "Outbound=no",
                 "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
-            }, actual[0].Attributes);
+            }, actual.Attributes);
+        }
 
+        [Fact]
+        public void RoundtripAttributesAreCorrectForPort()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExamplePort");
             WixAssert.CompareLineByLine(new[]
             {
                 "Id=fex70IVsYNnbwiHQrEepmdTPKH8XYs",
@@ -98,7 +120,79 @@ namespace WixToolsetTest.Firewall
                 "Description=A port-based firewall exception",
                 "Outbound=yes",
                 "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
-            }, actual[1].Attributes);
+            }, actual.Attributes);
+        }
+
+        [Fact]
+        public void RoundtripAttributesAreCorrectForDNSScope()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleDNSScope");
+            WixAssert.CompareLineByLine(new[]
+            {
+                "Id=fexxY71H2ZBkPalv7uid1Yy4qaA_lA",
+                "Name=ExampleDNSScope",
+                "Scope=DNS",
+                "Port=356",
+                "Protocol=udp",
+                "Profile=all",
+                "Description=DNS scope firewall exception",
+                "Outbound=no",
+                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
+            }, actual.Attributes);
+        }
+
+        [Fact]
+        public void RoundtripAttributesAreCorrectForDHCPScope()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleDHCPScope");
+            WixAssert.CompareLineByLine(new[]
+            {
+                "Id=fex6bkfWwpiRGI.wVFx0T7W4LXIHxU",
+                "Name=ExampleDHCPScope",
+                "Scope=DHCP",
+                "Protocol=211",
+                "Program=test.exe",
+                "Profile=public",
+                "Description=DHCP scope firewall exception",
+                "Outbound=no",
+                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall"
+            }, actual.Attributes);
+        }
+
+        [Fact]
+        public void RoundtripAttributesAreCorrectForWINSScope()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleWINSScope");
+            WixAssert.CompareLineByLine(new[]
+            {
+                "Id=fexXxaXCXXFh.UxO_BjmZxi1B1du_Q",
+                "Name=ExampleWINSScope",
+                "Scope=WINS",
+                "Port=6573",
+                "Protocol=tcp",
+                "Profile=domain",
+                "Description=WINS scope firewall exception",
+                "Outbound=no",
+                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
+            }, actual.Attributes);
+        }
+
+        [Fact]
+        public void RoundtripAttributesAreCorrectForDefaultGatewayScope()
+        {
+            var actual = BuildAndDecompileAndBuild("http://wixtoolset.org/schemas/v4/wxs/firewall", "ExampleDefaultGatewayScope");
+            WixAssert.CompareLineByLine(new[]
+            {
+                "Id=fex_ZpDsnKyHlYiA24JHzvFxm3uLZ8",
+                "Name=ExampleDefaultGatewayScope",
+                "Scope=defaultGateway",
+                "Port=4432",
+                "Protocol=tcp",
+                "Profile=private",
+                "Description=defaultGateway scope firewall exception",
+                "Outbound=no",
+                "xmlns=http://wixtoolset.org/schemas/v4/wxs/firewall",
+            }, actual.Attributes);
         }
 
         private static void Build(string[] args)
@@ -122,5 +216,31 @@ namespace WixToolsetTest.Firewall
             var result = WixRunner.Execute(args);
             result.AssertSuccess();
         }
+        class AttributeVerifier
+        {
+            public string Name { get; set; }
+            public string[] Attributes { get; set; }
+        }
+
+        private static AttributeVerifier BuildAndDecompileAndBuild(string nameSpace, string ruleName)
+        {
+            var folder = TestData.Get(@"TestData", "UsingFirewall");
+            var build = new Builder(folder, typeof(FirewallExtensionFactory), new[] { folder });
+            var output = Path.Combine(folder, $"Firewall{ruleName}.xml");
+
+            build.BuildAndDecompileAndBuild(Build, Decompile, output);
+
+            var doc = XDocument.Load(output);
+            var actual = doc.Descendants()
+                .Where(e => e.Name.Namespace == nameSpace)
+                .Select(fe => new AttributeVerifier
+                {
+                    Name = fe.Attributes().Single(a => a.Name.LocalName == "Name").Value,
+                    Attributes = fe.Attributes().Select(a => $"{a.Name.LocalName}={a.Value}").ToArray()
+                })
+                .Single(av => av.Name == ruleName);
+
+            return actual;
+        }
     }
 }
diff --git a/src/ext/Firewall/test/WixToolsetTest.Firewall/TestData/UsingFirewall/PackageComponents.wxs b/src/ext/Firewall/test/WixToolsetTest.Firewall/TestData/UsingFirewall/PackageComponents.wxs
index c712d895..957aa642 100644
--- a/src/ext/Firewall/test/WixToolsetTest.Firewall/TestData/UsingFirewall/PackageComponents.wxs
+++ b/src/ext/Firewall/test/WixToolsetTest.Firewall/TestData/UsingFirewall/PackageComponents.wxs
@@ -12,6 +12,10 @@
                 </File>
 
                 <fw:FirewallException Description="A port-based firewall exception" Name="ExamplePort" Port="42" Outbound="yes" Scope="localSubnet" />
+                <fw:FirewallException Description="DNS scope firewall exception" Name="ExampleDNSScope" Port="356" Protocol="udp" Scope="DNS" />
+                <fw:FirewallException Description="DHCP scope firewall exception" Name="ExampleDHCPScope" Program="test.exe" Protocol="211" Scope="DHCP" Profile="public" />
+                <fw:FirewallException Description="WINS scope firewall exception" Name="ExampleWINSScope" Port="6573" Scope="WINS" Profile="domain"/>
+                <fw:FirewallException Description="defaultGateway scope firewall exception" Name="ExampleDefaultGatewayScope" Port="4432" Scope="defaultGateway" Profile="private" />
             </Component>
         </ComponentGroup>
     </Fragment>
diff --git a/src/ext/Firewall/wixext/FirewallCompiler.cs b/src/ext/Firewall/wixext/FirewallCompiler.cs
index 19ee0b6d..ed49ba9c 100644
--- a/src/ext/Firewall/wixext/FirewallCompiler.cs
+++ b/src/ext/Firewall/wixext/FirewallCompiler.cs
@@ -135,7 +135,12 @@ namespace WixToolset.Firewall
                                     protocol = FirewallConstants.NET_FW_IP_PROTOCOL_UDP;
                                     break;
                                 default:
-                                    this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, element.Name.LocalName, "Protocol", protocolValue, "tcp", "udp"));
+                                    int parsedProtocol;
+                                    if (!Int32.TryParse(protocolValue, out parsedProtocol) || parsedProtocol > 255 || parsedProtocol < 0)
+                                    {
+                                        this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, element.Name.LocalName, "Protocol", protocolValue, "tcp", "udp", "0-255"));
+                                    }
+                                    protocol = parsedProtocol;
                                     break;
                             }
                             break;
@@ -149,8 +154,20 @@ namespace WixToolset.Firewall
                                 case "localSubnet":
                                     remoteAddresses = "LocalSubnet";
                                     break;
+                                case "DNS":
+                                    remoteAddresses = "dns";
+                                    break;
+                                case "DHCP":
+                                    remoteAddresses = "dhcp";
+                                    break;
+                                case "WINS":
+                                    remoteAddresses = "wins";
+                                    break;
+                                case "defaultGateway":
+                                    remoteAddresses = "DefaultGateway";
+                                    break;
                                 default:
-                                    this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, element.Name.LocalName, "Scope", scope, "any", "localSubnet"));
+                                    this.Messaging.Write(ErrorMessages.IllegalAttributeValue(sourceLineNumbers, element.Name.LocalName, "Scope", scope, "any", "localSubnet", "DNS", "DHCP", "WINS", "defaultGateway"));
                                     break;
                             }
                             break;
@@ -251,6 +268,21 @@ namespace WixToolset.Firewall
                 this.Messaging.Write(FirewallErrors.NoExceptionSpecified(sourceLineNumbers));
             }
 
+            // Ports can only be specified if the protocol is TCP or UDP.
+            if (!String.IsNullOrEmpty(port) && protocol.HasValue)
+            {
+                switch(protocol.Value)
+                {
+                    case FirewallConstants.NET_FW_IP_PROTOCOL_TCP:
+                    case FirewallConstants.NET_FW_IP_PROTOCOL_UDP:
+                        break;
+
+                    default:
+                        this.Messaging.Write(ErrorMessages.IllegalAttributeWithOtherAttribute(sourceLineNumbers, element.Name.LocalName, "Port", "Protocol", protocol.Value.ToString()));
+                        break;
+                }
+            }
+
             if (!this.Messaging.EncounteredError)
             {
                 // at this point, File attribute and File parent element are treated the same
@@ -300,8 +332,8 @@ namespace WixToolset.Firewall
                     symbol.Attributes = attributes;
                 }
 
-                this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix4SchedFirewallExceptionsInstall", this.Context.Platform, CustomActionPlatforms.ARM64 | CustomActionPlatforms.X64 | CustomActionPlatforms.X86);
-                this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix4SchedFirewallExceptionsUninstall", this.Context.Platform, CustomActionPlatforms.ARM64 | CustomActionPlatforms.X64 | CustomActionPlatforms.X86);
+                this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix5SchedFirewallExceptionsInstall", this.Context.Platform, CustomActionPlatforms.ARM64 | CustomActionPlatforms.X64 | CustomActionPlatforms.X86);
+                this.ParseHelper.CreateCustomActionReference(sourceLineNumbers, section, "Wix5SchedFirewallExceptionsUninstall", this.Context.Platform, CustomActionPlatforms.ARM64 | CustomActionPlatforms.X64 | CustomActionPlatforms.X86);
             }
         }
 
diff --git a/src/ext/Firewall/wixext/FirewallDecompiler.cs b/src/ext/Firewall/wixext/FirewallDecompiler.cs
index 69f2c3f4..9ddd8a9a 100644
--- a/src/ext/Firewall/wixext/FirewallDecompiler.cs
+++ b/src/ext/Firewall/wixext/FirewallDecompiler.cs
@@ -32,7 +32,7 @@ namespace WixToolset.Firewall
         {
             switch (table.Name)
             {
-                case "Wix4FirewallException":
+                case "Wix5FirewallException":
                     this.DecompileWixFirewallExceptionTable(table);
                     break;
                 default:
@@ -69,18 +69,29 @@ namespace WixToolset.Firewall
                     string[] addresses = ((string)row[2]).Split(',');
                     if (addresses.Length == 1)
                     {
-                        // special-case the Scope attribute values
-                        if (addresses[0] == "*")
+                        switch(addresses[0])
                         {
-                            firewallException.Add(new XAttribute("Scope", "any"));
-                        }
-                        else if (addresses[0] == "LocalSubnet")
-                        {
-                            firewallException.Add(new XAttribute("Scope", "localSubnet"));
-                        }
-                        else
-                        {
-                            FirewallDecompiler.AddRemoteAddress(firewallException, addresses[0]);
+                            case "*":
+                                firewallException.Add(new XAttribute("Scope", "any"));
+                                break;
+                            case "LocalSubnet":
+                                firewallException.Add(new XAttribute("Scope", "localSubnet"));
+                                break;
+                            case "dns":
+                                firewallException.Add(new XAttribute("Scope", "DNS"));
+                                break;
+                            case "dhcp":
+                                firewallException.Add(new XAttribute("Scope", "DHCP"));
+                                break;
+                            case "wins":
+                                firewallException.Add(new XAttribute("Scope", "WINS"));
+                                break;
+                            case "DefaultGateway":
+                                firewallException.Add(new XAttribute("Scope", "defaultGateway"));
+                                break;
+                            default:
+                                FirewallDecompiler.AddRemoteAddress(firewallException, addresses[0]);
+                                break;
                         }
                     }
                     else
@@ -107,6 +118,9 @@ namespace WixToolset.Firewall
                         case FirewallConstants.NET_FW_IP_PROTOCOL_UDP:
                             firewallException.Add(new XAttribute("Protocol", "udp"));
                             break;
+                        default:
+                            firewallException.Add(new XAttribute("Protocol", row[4]));
+                            break;
                     }
                 }
 
@@ -183,7 +197,7 @@ namespace WixToolset.Firewall
         /// <param name="tables">Collection of all tables.</param>
         private void FinalizeFirewallExceptionTable(TableIndexedCollection tables)
         {
-            if (tables.TryGetTable("Wix4FirewallException", out var firewallExceptionTable))
+            if (tables.TryGetTable("Wix5FirewallException", out var firewallExceptionTable))
             {
                 foreach (var row in firewallExceptionTable.Rows)
                 {
diff --git a/src/ext/Firewall/wixext/FirewallTableDefinitions.cs b/src/ext/Firewall/wixext/FirewallTableDefinitions.cs
index 04918f5f..26dedbf1 100644
--- a/src/ext/Firewall/wixext/FirewallTableDefinitions.cs
+++ b/src/ext/Firewall/wixext/FirewallTableDefinitions.cs
@@ -7,15 +7,15 @@ namespace WixToolset.Firewall
     public static class FirewallTableDefinitions
     {
         public static readonly TableDefinition WixFirewallException = new TableDefinition(
-            "Wix4FirewallException",
+            "Wix5FirewallException",
             FirewallSymbolDefinitions.WixFirewallException,
             new[]
             {
-                new ColumnDefinition("Wix4FirewallException", ColumnType.String, 72, primaryKey: true, nullable: false, ColumnCategory.Identifier, description: "The primary key, a non-localized token.", modularizeType: ColumnModularizeType.Column),
+                new ColumnDefinition("Wix5FirewallException", ColumnType.String, 72, primaryKey: true, nullable: false, ColumnCategory.Identifier, description: "The primary key, a non-localized token.", modularizeType: ColumnModularizeType.Column),
                 new ColumnDefinition("Name", ColumnType.Localized, 255, primaryKey: false, nullable: true, ColumnCategory.Formatted, description: "Localizable display name.", modularizeType: ColumnModularizeType.Property),
                 new ColumnDefinition("RemoteAddresses", ColumnType.String, 0, primaryKey: false, nullable: false, ColumnCategory.Formatted, description: "Remote address to accept incoming connections from.", modularizeType: ColumnModularizeType.Property),
                 new ColumnDefinition("Port", ColumnType.String, 0, primaryKey: false, nullable: true, ColumnCategory.Formatted, minValue: 1, description: "Port number.", modularizeType: ColumnModularizeType.Property),
-                new ColumnDefinition("Protocol", ColumnType.Number, 1, primaryKey: false, nullable: true, ColumnCategory.Integer, minValue: 6, maxValue: 17, description: "Protocol (6=TCP; 17=UDP)."),
+                new ColumnDefinition("Protocol", ColumnType.Number, 1, primaryKey: false, nullable: true, ColumnCategory.Integer, minValue: 0, maxValue: 255, description: "Protocol (6=TCP; 17=UDP). https://www.iana.org/assignments/protocol-numbers"),
                 new ColumnDefinition("Program", ColumnType.String, 255, primaryKey: false, nullable: true, ColumnCategory.Formatted, description: "Exception for a program (formatted path name).", modularizeType: ColumnModularizeType.Property),
                 new ColumnDefinition("Attributes", ColumnType.Number, 4, primaryKey: false, nullable: true, ColumnCategory.Unknown, description: "Vital=1"),
                 new ColumnDefinition("Profile", ColumnType.Number, 4, primaryKey: false, nullable: false, ColumnCategory.Integer, minValue: 1, maxValue: 2147483647, description: "Profile (1=domain; 2=private; 4=public; 2147483647=all)."),
diff --git a/src/ext/Firewall/wixlib/FirewallExtension_Platform.wxi b/src/ext/Firewall/wixlib/FirewallExtension_Platform.wxi
index ae02bcd0..736a54b0 100644
--- a/src/ext/Firewall/wixlib/FirewallExtension_Platform.wxi
+++ b/src/ext/Firewall/wixlib/FirewallExtension_Platform.wxi
@@ -6,32 +6,32 @@
     <Fragment>
         <UIRef Id="WixFirewallErrors" />
         <UI>
-            <ProgressText Action="$(var.Prefix)SchedFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixSchedFirewallExceptionsInstall)" />
-            <ProgressText Action="$(var.Prefix)SchedFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixSchedFirewallExceptionsUninstall)" />
-            <ProgressText Action="$(var.Prefix)RollbackFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixRollbackFirewallExceptionsInstall)" />
-            <ProgressText Action="$(var.Prefix)ExecFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixExecFirewallExceptionsInstall)" />
-            <ProgressText Action="$(var.Prefix)RollbackFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixRollbackFirewallExceptionsUninstall)" />
-            <ProgressText Action="$(var.Prefix)ExecFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixExecFirewallExceptionsUninstall)" />
+            <ProgressText Action="$(var.Prefix5)SchedFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixSchedFirewallExceptionsInstall)" />
+            <ProgressText Action="$(var.Prefix5)SchedFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixSchedFirewallExceptionsUninstall)" />
+            <ProgressText Action="$(var.Prefix5)RollbackFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixRollbackFirewallExceptionsInstall)" />
+            <ProgressText Action="$(var.Prefix5)ExecFirewallExceptionsInstall$(var.Suffix)" Message="!(loc.WixExecFirewallExceptionsInstall)" />
+            <ProgressText Action="$(var.Prefix5)RollbackFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixRollbackFirewallExceptionsUninstall)" />
+            <ProgressText Action="$(var.Prefix5)ExecFirewallExceptionsUninstall$(var.Suffix)" Message="!(loc.WixExecFirewallExceptionsUninstall)" />
         </UI>
 
-        <CustomAction Id="$(var.Prefix)SchedFirewallExceptionsInstall$(var.Suffix)" DllEntry="SchedFirewallExceptionsInstall" Execute="immediate" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)SchedFirewallExceptionsUninstall$(var.Suffix)" DllEntry="SchedFirewallExceptionsUninstall" Execute="immediate" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)RollbackFirewallExceptionsInstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="rollback" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)ExecFirewallExceptionsInstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="deferred" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)RollbackFirewallExceptionsUninstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="rollback" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
-        <CustomAction Id="$(var.Prefix)ExecFirewallExceptionsUninstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="deferred" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)SchedFirewallExceptionsInstall$(var.Suffix)" DllEntry="SchedFirewallExceptionsInstall" Execute="immediate" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)SchedFirewallExceptionsUninstall$(var.Suffix)" DllEntry="SchedFirewallExceptionsUninstall" Execute="immediate" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)RollbackFirewallExceptionsInstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="rollback" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)ExecFirewallExceptionsInstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="deferred" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)RollbackFirewallExceptionsUninstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="rollback" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
+        <CustomAction Id="$(var.Prefix5)ExecFirewallExceptionsUninstall$(var.Suffix)" DllEntry="ExecFirewallExceptions" Execute="deferred" Impersonate="no" Return="check" SuppressModularization="yes" BinaryRef="$(var.Prefix5)FWCA$(var.Suffix)" />
 
         <!--
-            We need the firewall on Windows XP SP2 or later.
+            We need the firewall on Windows Vista or later.
         -->
         <InstallExecuteSequence>
-            <Custom Action="$(var.Prefix)SchedFirewallExceptionsUninstall$(var.Suffix)" Before="RemoveFiles" Overridable="yes" Condition="VersionNT &gt;= 600 OR (VersionNT &gt;= 501 AND ((MsiNTProductType = 1 AND ServicePackLevel &gt;= 2) OR (MsiNTProductType &gt; 1 AND ServicePackLevel &gt;= 1)))" />
-            <Custom Action="$(var.Prefix)SchedFirewallExceptionsInstall$(var.Suffix)" After="InstallFiles" Overridable="yes" Condition="VersionNT &gt;= 600 OR (VersionNT &gt;= 501 AND ((MsiNTProductType = 1 AND ServicePackLevel &gt;= 2) OR (MsiNTProductType &gt; 1 AND ServicePackLevel &gt;= 1)))" />
+            <Custom Action="$(var.Prefix5)SchedFirewallExceptionsUninstall$(var.Suffix)" Before="RemoveFiles" Overridable="yes" Condition="VersionNT &gt;= 600" />
+            <Custom Action="$(var.Prefix5)SchedFirewallExceptionsInstall$(var.Suffix)" After="InstallFiles" Overridable="yes" Condition="VersionNT &gt;= 600" />
         </InstallExecuteSequence>
     </Fragment>
 
     <!-- Firewall Custom Action DLL Definitions -->
     <Fragment>
-        <Binary Id="$(var.Prefix)FWCA$(var.Suffix)" SourceFile="!(bindpath.$(var.platform))fwca.dll" />
+        <Binary Id="$(var.Prefix5)FWCA$(var.Suffix)" SourceFile="!(bindpath.$(var.platform))fwca.dll" />
     </Fragment>
 </Include>
diff --git a/src/ext/caDecor.h b/src/ext/caDecor.h
index da274650..060032cf 100644
--- a/src/ext/caDecor.h
+++ b/src/ext/caDecor.h
@@ -11,3 +11,13 @@
 #else
 #define CUSTOM_ACTION_DECORATION(f) L"Wix4" f L"_X86"
 #endif
+
+#if defined(_M_ARM64)
+#define CUSTOM_ACTION_DECORATION5(f) L"Wix5" f L"_A64"
+#elif defined(_M_AMD64)
+#define CUSTOM_ACTION_DECORATION5(f) L"Wix5" f L"_X64"
+#elif defined(_M_ARM)
+#define CUSTOM_ACTION_DECORATION5(f) L"Wix5" f L"_ARM"
+#else
+#define CUSTOM_ACTION_DECORATION5(f) L"Wix5" f L"_X86"
+#endif
diff --git a/src/ext/caDecor.wxi b/src/ext/caDecor.wxi
index b1711518..256d7586 100644
--- a/src/ext/caDecor.wxi
+++ b/src/ext/caDecor.wxi
@@ -8,6 +8,12 @@
 
     <?define Prefix="Wix4" ?>
 
+    <?ifdef Prefix5 ?>
+        <?undef Prefix5 ?>
+    <?endif?>
+
+    <?define Prefix5="Wix5" ?>
+
     <?ifndef platform ?>
         <?define platform="x86" ?>
     <?endif?>
-- 
cgit v1.2.3-55-g6feb