From dfb7512b85536b7726080648f2228cf8d0153724 Mon Sep 17 00:00:00 2001
From: chris_bednarski <Chris.Bednarski@minfos.com.au>
Date: Thu, 21 Sep 2023 16:03:28 +1000
Subject: add firewall extension decompiler, make msi modifications work, add
 all attributes

---
 src/test/burn/WixTestTools/Firewall/RuleDetails.cs |   8 +-
 .../CrossVersionMerge/CrossVersionMerge.wixproj    |  13 +
 .../CrossVersionMerge/Module401.msm                | Bin 0 -> 192512 bytes
 .../CrossVersionMerge/package.wxs                  |  35 ++
 .../FirewallRulesInterfaces.wixproj                |  13 +
 .../FirewallRulesInterfaces/product.wxs            |  32 ++
 .../FirewallRulesProperties.wixproj                |  13 +
 .../FirewallRulesProperties/product.wxs            |  57 ++
 .../Module401/Module401.wixproj                    |  10 +
 .../FirewallExtensionTests/Module401/data/test.txt |   1 +
 .../FirewallExtensionTests/Module401/module.wxs    |  36 ++
 .../ModuleCurrent/ModuleCurrent.wixproj            |  10 +
 .../ModuleCurrent/data/test.txt                    |   1 +
 .../ModuleCurrent/module.wxs                       |  36 ++
 .../NestedService/NestedService.wixproj            |  14 +
 .../NestedService/product.wxs                      |  25 +
 .../FirewallExtensionTests.cs                      | 640 ++++++++++++++++++++-
 .../WixToolsetTest.MsiE2E.csproj                   |   1 +
 18 files changed, 925 insertions(+), 20 deletions(-)
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/CrossVersionMerge.wixproj
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/Module401.msm
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/package.wxs
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/FirewallRulesInterfaces/FirewallRulesInterfaces.wixproj
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/FirewallRulesInterfaces/product.wxs
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/FirewallRulesProperties/FirewallRulesProperties.wixproj
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/FirewallRulesProperties/product.wxs
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/Module401/Module401.wixproj
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/Module401/data/test.txt
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/Module401/module.wxs
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/ModuleCurrent.wixproj
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/data/test.txt
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/module.wxs
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/NestedService/NestedService.wixproj
 create mode 100644 src/test/msi/TestData/FirewallExtensionTests/NestedService/product.wxs

(limited to 'src/test')

diff --git a/src/test/burn/WixTestTools/Firewall/RuleDetails.cs b/src/test/burn/WixTestTools/Firewall/RuleDetails.cs
index d1e53de4..8c8cdda3 100644
--- a/src/test/burn/WixTestTools/Firewall/RuleDetails.cs
+++ b/src/test/burn/WixTestTools/Firewall/RuleDetails.cs
@@ -146,7 +146,9 @@ namespace WixTestTools.Firewall
         /// This parameter allows the specification of an array of interface LUIDs (locally unique identifiers) supplied as strings.<br/>
         /// This is commonly used by USB RNDIS (Remote Network Driver Interface Specification) devices to restrict traffic to a specific non-routable interface.<br/>
         /// Use <b>netsh trace show interfaces</b> to show a list of local interfaces and their LUIDs.<br/>
-        /// Example: new object[] { "Wi-Fi", "Local Area Connection* 14" }
+        /// The interfaces are stored in the registry as GUIDs, but need to be passed to the API as text. eg from the registry<br/>
+        /// v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=23456|IF={423411CD-E627-4A1A-9E1F-C5BE6CD2CC99}|IF={49A98AD0-8379-4079-A445-77066C52E338}|Name=WiXToolset401 Test - 0002|Desc=WiX Toolset firewall exception rule integration test - minimal port properties|<br/>
+        /// Example API value: new object[] { "Wi-Fi", "Local Area Connection* 14" }
         /// </summary>
         public object[] Interfaces { get; set; }
 
@@ -227,13 +229,13 @@ namespace WixTestTools.Firewall
         public string LocalUserOwner { get; set; }
 
         /// <summary>
-        /// This property is optional. It specifies a list of authorized local users for an app container.<br/>
+        /// This property is optional. It specifies a list of authorized local users for an app container (using SDDL).<br/>
         /// Example: "O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)"
         /// </summary>
         public string LocalUserAuthorizedList { get; set; }
 
         /// <summary>
-        /// This property is optional. It specifies a list of remote users who are authorized to access an app container.<br/>
+        /// This property is optional. It specifies a list of remote users who are authorized to access an app container (using SDDL).<br/>
         /// </summary>
         public string RemoteUserAuthorizedList { get; set; }
 
diff --git a/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/CrossVersionMerge.wixproj b/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/CrossVersionMerge.wixproj
new file mode 100644
index 00000000..f1c71d3d
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/CrossVersionMerge.wixproj
@@ -0,0 +1,13 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Project Sdk="WixToolset.Sdk">
+  <PropertyGroup>
+	<SuppressSpecificWarnings>1055;1056</SuppressSpecificWarnings>
+  </PropertyGroup>
+  <ItemGroup>
+    <!-- <ProjectReference Include="..\Module401\Module401.wixproj" /> -->
+    <ProjectReference Include="..\ModuleCurrent\ModuleCurrent.wixproj" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="WixToolset.Firewall.wixext" />
+  </ItemGroup>
+</Project>
diff --git a/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/Module401.msm b/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/Module401.msm
new file mode 100644
index 00000000..4dd5bd09
Binary files /dev/null and b/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/Module401.msm differ
diff --git a/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/package.wxs b/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/package.wxs
new file mode 100644
index 00000000..6d5ea47a
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/CrossVersionMerge/package.wxs
@@ -0,0 +1,35 @@
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:fw="http://wixtoolset.org/schemas/v4/wxs/firewall">
+  <Package Name="MsiPackage" Language="1033" Version="1.0.0.0" Manufacturer="Example Corporation"
+    UpgradeCode="41B5F815-E7F6-44E0-B92A-AE95DFF683F9" Compressed="yes" Scope="perMachine">
+	<MediaTemplate EmbedCab="yes" />
+
+    <MajorUpgrade DowngradeErrorMessage="A newer version of [ProductName] is already installed." />
+
+    <Feature Id="ProductFeature" Title="Feature with merged modules">
+      <MergeRef Id="TestMsm1" />
+      <MergeRef Id="TestMsm2" />
+      <ComponentRef Id="FirewallComponent1" />
+    </Feature>
+  </Package>
+
+  <Fragment>
+    <StandardDirectory Id="ProgramFilesFolder">
+      <Directory Id="INSTALLFOLDER" Name="MsiPackage">
+        <Merge Id="TestMsm1" Language="1033" SourceFile="Module401.msm" />
+        <Merge Id="TestMsm2" Language="1033" SourceFile="ModuleCurrent.msm" />
+      </Directory>
+    </StandardDirectory>
+  </Fragment>
+
+  <Fragment>
+    <Property Id="MSIPORT1" Value="20001" />
+    <Property Id="MSIPORT2" Value="20002" />
+
+    <Component Id="FirewallComponent1" Guid="3E9A6190-3E6B-4BC2-8C84-D89D1549FEBD" Directory="INSTALLFOLDER">
+      <File Source="$(sys.SOURCEFILEPATH)">
+        <fw:FirewallException Id="FirewallException1" Description="WiX Toolset firewall exception rule integration test - package app" Name="WiXToolset Test - 0026" Scope="any" Port="[MSIPORT1]" />
+      </File>
+      <fw:FirewallException Id="FirewallException2" Description="WiX Toolset firewall exception rule integration test - package port" Name="WiXToolset Test - 0027" Scope="any" Port="[MSIPORT2]" />
+    </Component>
+  </Fragment>
+</Wix>
diff --git a/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesInterfaces/FirewallRulesInterfaces.wixproj b/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesInterfaces/FirewallRulesInterfaces.wixproj
new file mode 100644
index 00000000..3c6ef5cf
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesInterfaces/FirewallRulesInterfaces.wixproj
@@ -0,0 +1,13 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Project Sdk="WixToolset.Sdk">
+  <PropertyGroup>
+    <UpgradeCode>{F153C27F-0236-4A0F-ADB3-50BFC73B4FEA}</UpgradeCode>
+    <ProductComponentsRef>true</ProductComponentsRef>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="..\..\Templates\Product.wxs" Link="Product.wxs" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="WixToolset.Firewall.wixext" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesInterfaces/product.wxs b/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesInterfaces/product.wxs
new file mode 100644
index 00000000..142c8f68
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesInterfaces/product.wxs
@@ -0,0 +1,32 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+
+
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:fw="http://wixtoolset.org/schemas/v4/wxs/firewall">
+    <Fragment>
+        <ComponentGroup Id="ProductComponents">
+            <ComponentRef Id="FirewallComponent1"/>
+        </ComponentGroup>
+    </Fragment>
+
+    <Fragment>
+        <Component Id="FirewallComponent1" Guid="08044660-CB5D-4891-8BD5-0CB5BB668D78" Directory="INSTALLFOLDER">
+            <File Source="$(sys.SOURCEFILEPATH)" KeyPath="yes" >
+                <fw:FirewallException Id="FirewallException28"
+                    Description="WiX Toolset firewall exception rule integration test - three interfaces"
+                    Name="WiXToolset500 Test - 0028" Scope="any" >
+					<fw:Interface Name="[INTERFACE1]" />
+					<fw:Interface Name="[INTERFACE2]" />
+                    <fw:Interface Name="[INTERFACE3]" />
+                    <fw:InterfaceType Value="RemoteAccess" />
+                    <fw:InterfaceType Value="Lan" />
+                    <fw:InterfaceType Value="Wireless" />
+                </fw:FirewallException>
+            </File>
+
+            <fw:FirewallException Id="FirewallException29"
+                Description="WiX Toolset firewall exception rule integration test - one interface"
+                Name="WiXToolset500 Test - 0029" Scope="any" Port="29292" Interface="[INTERFACE1]" InterfaceType="[INTERFACETYPE]" >
+            </fw:FirewallException>
+        </Component>
+    </Fragment>
+</Wix>
diff --git a/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesProperties/FirewallRulesProperties.wixproj b/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesProperties/FirewallRulesProperties.wixproj
new file mode 100644
index 00000000..38d94265
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesProperties/FirewallRulesProperties.wixproj
@@ -0,0 +1,13 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Project Sdk="WixToolset.Sdk">
+  <PropertyGroup>
+    <UpgradeCode>{DC2C3CDC-112F-40A8-A7B4-2C7B758F4F94}</UpgradeCode>
+    <ProductComponentsRef>true</ProductComponentsRef>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="..\..\Templates\Product.wxs" Link="Product.wxs" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="WixToolset.Firewall.wixext" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesProperties/product.wxs b/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesProperties/product.wxs
new file mode 100644
index 00000000..1f9935d5
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/FirewallRulesProperties/product.wxs
@@ -0,0 +1,57 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+
+
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:fw="http://wixtoolset.org/schemas/v4/wxs/firewall">
+    <Fragment>
+        <ComponentGroup Id="ProductComponents">
+            <ComponentRef Id="FirewallComponent1"/>
+        </ComponentGroup>
+    </Fragment>
+
+    <Fragment>
+        <Component Id="FirewallComponent1" Guid="A1553D10-BEB7-4E60-A0DC-6F1EEE5A1719" Directory="INSTALLFOLDER">
+                <fw:FirewallException
+					Name="WiXToolset Test - 0028" OnUpdate="EnableOnly"
+					Port="[LOCALPORT]"
+					Protocol="[PROTOCOL]"
+					Program="[PROGRAM]"
+					Profile="[PROFILE]"
+					Description="[DESCRIPTION]"
+					Scope="[REMOTESCOPE]"
+					EdgeTraversal="[EDGETRAVERSAL]"
+					Enabled="[ENABLED]"
+					Grouping="[GROUPING]"
+					IcmpTypesAndCodes="[ICMPTYPES]"
+					Interface="[INTERFACE]"
+					InterfaceType="[INTERFACETYPE]"
+					LocalScope="[LOCALSCOPE]"
+					RemotePort="[REMOTEPORT]"
+					Service="[SERVICE]"
+					LocalAppPackageId="[PACKAGEID]"
+					LocalUserAuthorizedList="[LOCALUSERS]"
+					LocalUserOwner="[LOCALOWNER]"
+					RemoteMachineAuthorizedList="[REMOTEMACHINES]"
+					RemoteUserAuthorizedList="[REMOTEUSERS]"
+					IPSecSecureFlags="[SECUREFLAGS]"
+					/>
+
+                <fw:FirewallException Name="WiXToolset Test - 0029" OnUpdate="DoNothing" >
+					<fw:RemoteAddress Value="[REMOTEADDRESS]" />
+					<fw:LocalAddress Value="[LOCALADDRESS]" />
+                    <fw:InterfaceType Value="[INTERFACETYPE]" />
+                    <fw:Interface Name="[INTERFACE]" />
+                </fw:FirewallException>
+
+                <fw:FirewallException Name="WiXToolset Test - 0030" >
+                    <fw:RemoteAddress Value="[REMOTEADDRESS1]" />
+                    <fw:RemoteAddress Value="[REMOTEADDRESS2]" />
+                    <fw:LocalAddress Value="[LOCALADDRESS1]" />
+                    <fw:LocalAddress Value="[LOCALADDRESS2]" />
+                    <fw:InterfaceType Value="[INTERFACETYPE1]" />
+                    <fw:InterfaceType Value="[INTERFACETYPE2]" />
+                    <fw:Interface Name="[INTERFACE1]" />
+                    <fw:Interface Name="[INTERFACE2]" />
+                </fw:FirewallException>
+        </Component>
+    </Fragment>
+</Wix>
diff --git a/src/test/msi/TestData/FirewallExtensionTests/Module401/Module401.wixproj b/src/test/msi/TestData/FirewallExtensionTests/Module401/Module401.wixproj
new file mode 100644
index 00000000..5f65e657
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/Module401/Module401.wixproj
@@ -0,0 +1,10 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Project Sdk="WixToolset.Sdk">
+  <PropertyGroup>
+	<OutputType>Module</OutputType>
+	<SuppressSpecificWarnings>1072</SuppressSpecificWarnings>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="WixToolset.Firewall.wixext"/><!--VersionOverride="4.0.1"-->
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/Module401/data/test.txt b/src/test/msi/TestData/FirewallExtensionTests/Module401/data/test.txt
new file mode 100644
index 00000000..cd0db0e1
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/Module401/data/test.txt
@@ -0,0 +1 @@
+This is test.txt.
\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/Module401/module.wxs b/src/test/msi/TestData/FirewallExtensionTests/Module401/module.wxs
new file mode 100644
index 00000000..872743c7
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/Module401/module.wxs
@@ -0,0 +1,36 @@
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:fw="http://wixtoolset.org/schemas/v4/wxs/firewall" >
+    <Module Id="MergeModule1" Language="1033" Version="1.0.0.0" Guid="4B2C61BF-59F5-453B-98E3-3389F681EA00">
+        <SummaryInformation Manufacturer="Module 4.0.1 Manufacturer" />
+
+		<Property Id="MODULE401PORT1" Value="40101" />
+		<Property Id="MODULE401PORT2" Value="40102" />
+		<Property Id="MODULE401PORT3" Value="40103" />
+		<Property Id="MODULE401PORT4" Value="40104" />
+
+        <Directory Id="MergeRedirectFolder">
+            <Component Id="ModuleComponent1" Guid="257F9283-1334-423C-A7E7-FEE848BCD37F">
+                <File Id="File1" Name="file1.txt" Source="data/test.txt">
+					<fw:FirewallException Id="FirewallException1"
+						Description="WiX Toolset firewall exception rule integration test - module 401 MergeRedirectFolder - app"
+						Name="WiXToolset401 Test - 0018" Scope="any" Port="[MODULE401PORT1]" />
+				</File>
+				<fw:FirewallException Id="FirewallException2"
+					Description="WiX Toolset firewall exception rule integration test - module 401 MergeRedirectFolder - port"
+					Name="WiXToolset401 Test - 0019" Scope="any" Port="[MODULE401PORT2]" />
+            </Component>
+        </Directory>
+
+        <Directory Id="NotTheMergeRedirectFolder">
+            <Component Id="ModuleComponent2" Guid="48A2D573-0ADB-4010-84E3-96C3D6803E90">
+                <File Id="File2" Name="file2.txt" Source="data/test.txt">
+					<fw:FirewallException Id="FirewallException3"
+						Description="WiX Toolset firewall exception rule integration test - module 401 NotTheMergeRedirectFolder - app"
+						Name="WiXToolset401 Test - 0020" Scope="any" Port="[MODULE401PORT3]" />
+				</File>
+				<fw:FirewallException Id="FirewallException4"
+					Description="WiX Toolset firewall exception rule integration test - module 401 NotTheMergeRedirectFolder - port"
+					Name="WiXToolset401 Test - 0021" Scope="any" Port="[MODULE401PORT4]" />
+            </Component>
+        </Directory>
+    </Module>
+</Wix>
diff --git a/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/ModuleCurrent.wixproj b/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/ModuleCurrent.wixproj
new file mode 100644
index 00000000..8a84280c
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/ModuleCurrent.wixproj
@@ -0,0 +1,10 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Project Sdk="WixToolset.Sdk">
+  <PropertyGroup>
+	<OutputType>Module</OutputType>
+	<SuppressSpecificWarnings>1072</SuppressSpecificWarnings>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageReference Include="WixToolset.Firewall.wixext" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/data/test.txt b/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/data/test.txt
new file mode 100644
index 00000000..cd0db0e1
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/data/test.txt
@@ -0,0 +1 @@
+This is test.txt.
\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/module.wxs b/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/module.wxs
new file mode 100644
index 00000000..53097acd
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/ModuleCurrent/module.wxs
@@ -0,0 +1,36 @@
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:fw="http://wixtoolset.org/schemas/v4/wxs/firewall" >
+    <Module Id="MergeModule1" Language="1033" Version="1.0.0.0" Guid="44FA5DBE-2413-436E-99B3-A0751D6EB420">
+        <SummaryInformation Manufacturer="Example Company - Module Current" />
+
+		<Property Id="MODULECURRENTPORT1" Value="50001" />
+		<Property Id="MODULECURRENTPORT2" Value="50002" />
+		<Property Id="MODULECURRENTPORT3" Value="50003" />
+		<Property Id="MODULECURRENTPORT4" Value="50004" />
+
+        <Directory Id="MergeRedirectFolder">
+            <Component Id="ModuleComponent1" Guid="EB7B8A63-85C4-4ABB-B9DA-33AECAFE38F7">
+                <File Id="File1" Name="file1.txt" Source="data/test.txt">
+					<fw:FirewallException Id="FirewallException1"
+						Description="WiX Toolset firewall exception rule integration test - module MergeRedirectFolder - app"
+						Name="WiXToolset Test - 0022" Scope="any" Port="[MODULECURRENTPORT1]" />
+				</File>
+				<fw:FirewallException Id="FirewallException2"
+					Description="WiX Toolset firewall exception rule integration test - module MergeRedirectFolder - port"
+					Name="WiXToolset Test - 0023" Scope="any" Port="[MODULECURRENTPORT2]" />
+            </Component>
+        </Directory>
+
+        <Directory Id="NotTheMergeRedirectFolder">
+            <Component Id="ModuleComponent2" Guid="0C9DD4FC-5A54-4E96-830D-DDE27B3017B5">
+                <File Id="File2" Name="file2.txt" Source="data/test.txt">
+					<fw:FirewallException Id="FirewallException3"
+						Description="WiX Toolset firewall exception rule integration test - module NotTheMergeRedirectFolder - app"
+						Name="WiXToolset Test - 0024" Scope="any" Port="[MODULECURRENTPORT3]" />
+				</File>
+				<fw:FirewallException Id="FirewallException4"
+					Description="WiX Toolset firewall exception rule integration test - module NotTheMergeRedirectFolder - port"
+					Name="WiXToolset Test - 0025" Scope="any" Port="[MODULECURRENTPORT4]" />
+            </Component>
+        </Directory>
+    </Module>
+</Wix>
diff --git a/src/test/msi/TestData/FirewallExtensionTests/NestedService/NestedService.wixproj b/src/test/msi/TestData/FirewallExtensionTests/NestedService/NestedService.wixproj
new file mode 100644
index 00000000..4a9c9dbd
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/NestedService/NestedService.wixproj
@@ -0,0 +1,14 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+<Project Sdk="WixToolset.Sdk">
+  <PropertyGroup>
+    <UpgradeCode>{80635798-F904-4C4E-81D8-27A5106F3998}</UpgradeCode>
+    <ProductComponentsRef>true</ProductComponentsRef>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="..\..\Templates\Product.wxs" Link="Product.wxs" />
+  </ItemGroup>
+  <ItemGroup>
+    <PackageReference Include="WixToolset.Firewall.wixext" />
+    <PackageReference Include="WixToolset.Util.wixext" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
diff --git a/src/test/msi/TestData/FirewallExtensionTests/NestedService/product.wxs b/src/test/msi/TestData/FirewallExtensionTests/NestedService/product.wxs
new file mode 100644
index 00000000..24559a33
--- /dev/null
+++ b/src/test/msi/TestData/FirewallExtensionTests/NestedService/product.wxs
@@ -0,0 +1,25 @@
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+
+
+<Wix xmlns="http://wixtoolset.org/schemas/v4/wxs" xmlns:fw="http://wixtoolset.org/schemas/v4/wxs/firewall" xmlns:util="http://wixtoolset.org/schemas/v4/wxs/util" >
+    <Fragment>
+        <ComponentGroup Id="ProductComponents">
+            <ComponentRef Id="FirewallComponent1"/>
+        </ComponentGroup>
+    </Fragment>
+
+    <Fragment>
+        <Component Id="FirewallComponent1" Guid="FD6E696A-8C42-49BF-B686-0DA5CD4B2C5A" Directory="INSTALLFOLDER" >
+            <fw:FirewallException Id="FirewallException1" Description="WiX Toolset firewall exception rule integration test - service property"
+                Name="WiXToolset Test - 0031" Service="Spooler"/>
+            <util:ServiceConfig ServiceName="Spooler" FirstFailureActionType="restart" SecondFailureActionType="restart" ThirdFailureActionType="none" >
+                <fw:FirewallException Id="FirewallException2" Description="WiX Toolset firewall exception rule integration test - ServiceConfig"
+                    Name="WiXToolset Test - 0032" />
+            </util:ServiceConfig>
+            <ServiceInstall Name="WixTestFirewallSrv" Type="ownProcess" Start="disabled" ErrorControl="ignore" Vital="no" Arguments="%WINDIR%\System32\spoolsv.exe" >
+                <fw:FirewallException Id="FirewallException3" Description="WiX Toolset firewall exception rule integration test - ServiceInstall"
+                    Name="WiXToolset Test - 0033" />
+            </ServiceInstall>
+        </Component>
+    </Fragment>
+</Wix>
diff --git a/src/test/msi/WixToolsetTest.MsiE2E/FirewallExtensionTests.cs b/src/test/msi/WixToolsetTest.MsiE2E/FirewallExtensionTests.cs
index ce55aa14..380e6f4c 100644
--- a/src/test/msi/WixToolsetTest.MsiE2E/FirewallExtensionTests.cs
+++ b/src/test/msi/WixToolsetTest.MsiE2E/FirewallExtensionTests.cs
@@ -4,6 +4,8 @@ namespace WixToolsetTest.MsiE2E
 {
     using System;
     using System.IO;
+    using System.Linq;
+    using System.Net.NetworkInformation;
     using NetFwTypeLib;
     using WixTestTools;
     using WixTestTools.Firewall;
@@ -37,8 +39,8 @@ namespace WixToolsetTest.MsiE2E
                 ApplicationName = this.TestContext.GetTestInstallFolder(false, Path.Combine("FirewallRules", "product.wxs")),
                 Description = "WiX Toolset firewall exception rule integration test - minimal app properties",
                 Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
-                EdgeTraversal = true,
-                EdgeTraversalOptions = 1,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
                 Enabled = true,
                 InterfaceTypes = "All",
                 LocalAddresses = "*",
@@ -124,8 +126,8 @@ namespace WixToolsetTest.MsiE2E
                 ApplicationName = this.TestContext.GetTestInstallFolder(false, Path.Combine("FirewallRules", "product.wxs")),
                 Description = "WiX Toolset firewall exception rule integration test - minimal app properties",
                 Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
-                EdgeTraversal = true,
-                EdgeTraversalOptions = 1,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
                 Enabled = true,
                 InterfaceTypes = "All",
                 LocalAddresses = "*",
@@ -187,8 +189,8 @@ namespace WixToolsetTest.MsiE2E
                 ApplicationName = this.TestContext.GetTestInstallFolder(false, Path.Combine("FirewallRules", "product.wxs")),
                 Description = "WiX Toolset firewall exception rule integration test - minimal app properties",
                 Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
-                EdgeTraversal = true,
-                EdgeTraversalOptions = 1,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
                 Enabled = true,
                 InterfaceTypes = "All",
                 LocalAddresses = "*",
@@ -213,8 +215,8 @@ namespace WixToolsetTest.MsiE2E
                 ApplicationName = this.TestContext.GetTestInstallFolder(false, Path.Combine("DynamicFirewallRules", "product.wxs")),
                 Description = "WiX Toolset firewall exception rule integration test - dynamic app description 9999",
                 Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
-                EdgeTraversal = true,
-                EdgeTraversalOptions = 1,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
                 Enabled = true,
                 InterfaceTypes = "All",
                 LocalAddresses = "*",
@@ -255,8 +257,8 @@ namespace WixToolsetTest.MsiE2E
                 ApplicationName = Path.Combine(Environment.GetEnvironmentVariable("windir"), "system32", "9999.exe"),
                 Description = "WiX Toolset firewall exception rule integration test - dynamic Name 9999",
                 Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
-                EdgeTraversal = true,
-                EdgeTraversalOptions = 1,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
                 Enabled = true,
                 InterfaceTypes = "All",
                 LocalAddresses = "*",
@@ -285,10 +287,10 @@ namespace WixToolsetTest.MsiE2E
             var log1 = product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
 
             Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0006 pipe"));
-            Assert.True(LogVerifier.MessageInLogFile(log1, "failed to add app to the authorized apps list"));
+            Assert.True(LogVerifier.MessageInLogFile(log1, "failed to add firewall exception 'WiXToolset401 Test - 0006 pipe' to the list"));
 
             Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0007 pipe"));
-            Assert.True(LogVerifier.MessageInLogFile(log1, "failed to add app to the authorized ports list"));
+            Assert.True(LogVerifier.MessageInLogFile(log1, "failed to add firewall exception 'WiXToolset401 Test - 0007 pipe' to the list"));
 
             var expected = new RuleDetails("WiXToolset401 Test - 0008 removal")
             {
@@ -296,8 +298,8 @@ namespace WixToolsetTest.MsiE2E
                 ApplicationName = "test.exe",
                 Description = "WiX Toolset firewall exception rule integration test - removal test",
                 Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
-                EdgeTraversal = true,
-                EdgeTraversalOptions = 1,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
                 Enabled = true,
                 InterfaceTypes = "All",
                 LocalPorts = "52390",
@@ -313,7 +315,7 @@ namespace WixToolsetTest.MsiE2E
             Verifier.RemoveFirewallRuleByName("WiXToolset401 Test - 0008 removal");
 
             var log2 = product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS, "NORULENAME=1");
-            Assert.True(LogVerifier.MessageInLogFile(log2, "failed to remove firewall rule"));
+            Assert.True(LogVerifier.MessageInLogFile(log2, "failed to remove firewall exception for name"));
         }
 
         [RuntimeFact]
@@ -370,8 +372,8 @@ namespace WixToolsetTest.MsiE2E
                 ApplicationName = "test.exe",
                 Description = "WiX Toolset firewall exception rule integration test - ports can only be specified if protocol is TCP or UDP",
                 Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
-                EdgeTraversal = true,
-                EdgeTraversalOptions = 1,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
                 Enabled = true,
                 InterfaceTypes = "All",
                 LocalAddresses = "*",
@@ -532,5 +534,609 @@ namespace WixToolsetTest.MsiE2E
             Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0016"));
             Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0017"));
         }
+
+        [RuntimeFact]
+        public void CanInstallAndUninstallFirewallRulesWithInterfaces()
+        {
+            var names = NetworkInterface.GetAllNetworkInterfaces()
+                .Take(3)
+                .Select(ni => ni.Name);
+
+            var props = names.Select((name, idx) => $"INTERFACE{idx + 1}=\"{name}\"")
+                .Concat(new[] { "INTERFACETYPE=Lan" }).ToArray();
+
+            var product = this.CreatePackageInstaller("FirewallRulesInterfaces");
+            product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS, props);
+
+            var expected1 = new RuleDetails("WiXToolset500 Test - 0028")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                ApplicationName = this.TestContext.GetTestInstallFolder(false, Path.Combine("FirewallRulesInterfaces", "product.wxs")),
+                Description = "WiX Toolset firewall exception rule integration test - three interfaces",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "Lan,Wireless,RemoteAccess",
+                Interfaces = names.ToArray<object>(),
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 256,
+                RemoteAddresses = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset500 Test - 0028", expected1);
+
+            var expected2 = new RuleDetails("WiXToolset500 Test - 0029")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - one interface",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "Lan",
+                Interfaces = names.Take(1).ToArray<object>(),
+                LocalAddresses = "*",
+                LocalPorts = "29292",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset500 Test - 0029", expected2);
+
+            props = names.Take(1).Select((name, idx) => $"INTERFACE{idx + 2}=\"{name}\"").ToArray();
+
+            product.RepairProduct(MSIExec.MSIExecReturnCode.SUCCESS, props);
+
+            var expected3 = new RuleDetails("WiXToolset500 Test - 0028")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                ApplicationName = this.TestContext.GetTestInstallFolder(false, Path.Combine("FirewallRulesInterfaces", "product.wxs")),
+                Description = "WiX Toolset firewall exception rule integration test - three interfaces",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "Lan,Wireless,RemoteAccess",
+                Interfaces = names.Take(1).ToArray<object>(),
+                LocalAddresses = "*",
+                Profiles = Int32.MaxValue,
+                Protocol = 256,
+                RemoteAddresses = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset500 Test - 0028", expected3);
+
+            var expected4 = new RuleDetails("WiXToolset500 Test - 0029")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - one interface",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "29292",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset500 Test - 0029", expected4);
+
+            product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            // verify the firewall exceptions have been removed.
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset500 Test - 0028"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset500 Test - 0029"));
+        }
+
+        [RuntimeFact]
+        public void CanInstallAndUninstallFirewallRulesPackagedByDifferentModules()
+        {
+            var product = this.CreatePackageInstaller("CrossVersionMerge");
+            product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            // Validate new firewall exception details.
+            var expected1 = new RuleDetails("WiXToolset401 Test - 0018")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                ApplicationName = Path.Combine(Environment.GetEnvironmentVariable("ProgramFiles(x86)"), "MsiPackage", "file1.txt"),
+                Description = "WiX Toolset firewall exception rule integration test - module 401 MergeRedirectFolder - app",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = true,
+                EdgeTraversalOptions = 1,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "40101",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0018", expected1);
+
+            var expected2 = new RuleDetails("WiXToolset401 Test - 0019")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - module 401 MergeRedirectFolder - port",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "40102",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0019", expected2);
+
+            var expected3 = new RuleDetails("WiXToolset401 Test - 0020")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                ApplicationName = Path.Combine(Environment.GetEnvironmentVariable("ProgramFiles(x86)"), "MsiPackage", "file2.txt"),
+                Description = "WiX Toolset firewall exception rule integration test - module 401 NotTheMergeRedirectFolder - app",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = true,
+                EdgeTraversalOptions = 1,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "40103",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0020", expected3);
+
+            var expected4 = new RuleDetails("WiXToolset401 Test - 0021")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - module 401 NotTheMergeRedirectFolder - port",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "40104",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset401 Test - 0021", expected4);
+
+            var expected5 = new RuleDetails("WiXToolset Test - 0022")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                ApplicationName = Path.Combine(Environment.GetEnvironmentVariable("ProgramFiles(x86)"), "MsiPackage", "file1.txt"),
+                Description = "WiX Toolset firewall exception rule integration test - module MergeRedirectFolder - app",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "50001",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0022", expected5);
+
+            var expected6 = new RuleDetails("WiXToolset Test - 0023")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - module MergeRedirectFolder - port",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "50002",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0023", expected6);
+
+            var expected7 = new RuleDetails("WiXToolset Test - 0024")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                ApplicationName = Path.Combine(Environment.GetEnvironmentVariable("ProgramFiles(x86)"), "MsiPackage", "file2.txt"),
+                Description = "WiX Toolset firewall exception rule integration test - module NotTheMergeRedirectFolder - app",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "50003",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0024", expected7);
+
+            var expected8 = new RuleDetails("WiXToolset Test - 0025")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - module NotTheMergeRedirectFolder - port",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "50004",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0025", expected8);
+
+            var expected9 = new RuleDetails("WiXToolset Test - 0026")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                ApplicationName = Path.Combine(Environment.GetEnvironmentVariable("ProgramFiles(x86)"), "MsiPackage", "package.wxs"),
+                Description = "WiX Toolset firewall exception rule integration test - package app",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "20001",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0026", expected9);
+
+            var expected10 = new RuleDetails("WiXToolset Test - 0027")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Description = "WiX Toolset firewall exception rule integration test - package port",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                LocalAddresses = "*",
+                LocalPorts = "20002",
+                Profiles = Int32.MaxValue,
+                Protocol = 6,
+                RemoteAddresses = "*",
+                RemotePorts = "*",
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0027", expected10);
+
+            product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            // verify the firewall exceptions have been removed.
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0018"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0019"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0020"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset401 Test - 0021"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0022"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0023"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0024"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0025"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0026"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0027"));
+        }
+
+        [RuntimeFact]
+        public void ServiceNameIsPassedIntoNestedRules()
+        {
+            var product = this.CreatePackageInstaller("NestedService");
+            product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            var expected1 = new RuleDetails("WiXToolset Test - 0031")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "*",
+                RemoteAddresses = "*",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                Description = "WiX Toolset firewall exception rule integration test - service property",
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+                ServiceName = "Spooler",
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0031", expected1);
+
+            var expected2 = new RuleDetails("WiXToolset Test - 0032")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "*",
+                RemoteAddresses = "*",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                Description = "WiX Toolset firewall exception rule integration test - ServiceConfig",
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+                ServiceName = "Spooler",
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0032", expected2);
+
+            var expected3 = new RuleDetails("WiXToolset Test - 0033")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "*",
+                RemoteAddresses = "*",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                Description = "WiX Toolset firewall exception rule integration test - ServiceInstall",
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+                ServiceName = "WixTestFirewallSrv",
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0033", expected3);
+
+            product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            // verify the firewall exceptions have been removed.
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0031"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0032"));
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0033"));
+        }
+
+        [RuntimeFact]
+        public void SucceedWhenEnableOnlyFlagIsSet()
+        {
+            var product = this.CreatePackageInstaller("FirewallRulesProperties");
+            product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            var expected1 = new RuleDetails("WiXToolset Test - 0028")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "*",
+                RemoteAddresses = "*",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0028", expected1);
+
+            Verifier.DisableFirewallRule("WiXToolset Test - 0028");
+
+            var args = new[]
+            {
+                "LOCALPORT=3456",
+                "PROTOCOL=6",
+                "PROGRAM=ShouldBeUnchanged",
+                "PROFILE=2",
+                "DESCRIPTION=ShouldBeUnchanged",
+                "REMOTESCOPE=ShouldBeUnchanged",
+                "EDGETRAVERSAL=3",
+                "ENABLED=1",
+                "GROUPING=ShouldBeUnchanged",
+                "ICMPTYPES=ShouldBeUnchanged",
+                "INTERFACE=ShouldBeUnchanged",
+                "INTERFACETYPE=ShouldBeUnchanged",
+                "LOCALSCOPE=ShouldBeUnchanged",
+                "REMOTEPORT=60000",
+                "SERVICE=ShouldBeUnchanged",
+                "PACKAGEID=ShouldBeUnchanged",
+                "LOCALUSERS=ShouldBeUnchanged",
+                "LOCALOWNER=ShouldBeUnchanged",
+                "REMOTEMACHINES=ShouldBeUnchanged",
+                "REMOTEUSERS=ShouldBeUnchanged",
+                "SECUREFLAGS=15",
+                "REMOTEADDRESS=ShouldBeUnchanged",
+                "LOCALADDRESS=ShouldBeUnchanged",
+            };
+
+            product.RepairProduct(MSIExec.MSIExecReturnCode.SUCCESS, args);
+
+            var expected2 = new RuleDetails("WiXToolset Test - 0028")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "*",
+                RemoteAddresses = "*",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0028", expected2);
+
+            product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            // verify the firewall exceptions have been removed.
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0028"));
+        }
+
+        [RuntimeFact]
+        public void SucceedWhenDoNothingFlagIsSet()
+        {
+            var product = this.CreatePackageInstaller("FirewallRulesProperties");
+            product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            var expected1 = new RuleDetails("WiXToolset Test - 0029")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "*",
+                RemoteAddresses = "*",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0029", expected1);
+            Verifier.DisableFirewallRule("WiXToolset Test - 0029");
+
+            var args = new[]
+            {
+                "INTERFACE=ShouldBeUnchanged",
+                "INTERFACETYPE=ShouldBeUnchanged",
+                "REMOTEADDRESS=ShouldBeUnchanged",
+                "LOCALADDRESS=ShouldBeUnchanged",
+            };
+
+            product.RepairProduct(MSIExec.MSIExecReturnCode.SUCCESS, args);
+
+            var expected2 = new RuleDetails("WiXToolset Test - 0029")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "*",
+                RemoteAddresses = "*",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = false, // remains as disabled after the repair
+                InterfaceTypes = "All",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0029", expected2);
+
+            product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            // verify the firewall exceptions have been removed.
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0029"));
+        }
+
+        [RuntimeFact]
+        public void SucceedWhenNoFlagIsSet()
+        {
+            var product = this.CreatePackageInstaller("FirewallRulesProperties");
+            product.InstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            var expected1 = new RuleDetails("WiXToolset Test - 0030")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "*",
+                RemoteAddresses = "*",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                InterfaceTypes = "All",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0030", expected1);
+            Verifier.DisableFirewallRule("WiXToolset Test - 0030");
+
+            var names = NetworkInterface.GetAllNetworkInterfaces()
+                .Take(2)
+                .Select(ni => ni.Name);
+
+            var args = names.Select((name, idx) => $"INTERFACE{idx + 1}=\"{name}\"")
+            .Concat(new[]
+            {
+                "INTERFACETYPE1=Wireless",
+                "INTERFACETYPE2=Lan",
+                "REMOTEADDRESS1=DHCP",
+                "REMOTEADDRESS2=LocalSubnet",
+                "LOCALADDRESS1=127.0.0.1",
+                "LOCALADDRESS2=192.168.1.1",
+            })
+            .ToArray();
+
+            product.RepairProduct(MSIExec.MSIExecReturnCode.SUCCESS, args);
+
+            var expected2 = new RuleDetails("WiXToolset Test - 0030")
+            {
+                Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
+                Protocol = 256,
+                LocalAddresses = "127.0.0.1/255.255.255.255,192.168.1.1/255.255.255.255",
+                RemoteAddresses = "LocalSubnet,DHCP",
+                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
+                Description = "",
+                EdgeTraversal = false,
+                EdgeTraversalOptions = 0,
+                Enabled = true,
+                Interfaces = names.ToArray(),
+                InterfaceTypes = "Lan,Wireless",
+                Profiles = Int32.MaxValue,
+                SecureFlags = 0,
+            };
+
+            Verifier.VerifyFirewallRule("WiXToolset Test - 0030", expected2);
+
+            product.UninstallProduct(MSIExec.MSIExecReturnCode.SUCCESS);
+
+            // verify the firewall exceptions have been removed.
+            Assert.False(Verifier.FirewallRuleExists("WiXToolset Test - 0030"));
+        }
     }
 }
diff --git a/src/test/msi/WixToolsetTest.MsiE2E/WixToolsetTest.MsiE2E.csproj b/src/test/msi/WixToolsetTest.MsiE2E/WixToolsetTest.MsiE2E.csproj
index a5536de4..7d4695d3 100644
--- a/src/test/msi/WixToolsetTest.MsiE2E/WixToolsetTest.MsiE2E.csproj
+++ b/src/test/msi/WixToolsetTest.MsiE2E/WixToolsetTest.MsiE2E.csproj
@@ -29,6 +29,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Win32.Registry" />
+    <PackageReference Include="System.Net.NetworkInformation" />
     <PackageReference Include="System.Security.Principal.Windows" />
     <PackageReference Include="WixInternal.TestSupport" />
     <PackageReference Include="WixToolset.Data" />
-- 
cgit v1.2.3-55-g6feb