FIREWALL.MMH - Adding and Removing Windows Firewall Exceptions
The information and/or code in this section was provided by Christoph Mockenhaupt (thank you).
The supplied sample code to exercise the new command:
;--- Firewall exception list entry for MyApp.exe -----------------------------
; create data to be passed to the firewall macro
#data "FwMyApp"
"FullPath" "[INSTALLDIR]MyApp.exe"
"FriendlyName" "<$ProdInfo.ProductName>"
"RemoteAddresses" "10.0.42.0/255.255.255.0" ;; this can be omitted or "*" for all
#data
<$CaAddApplicationToFirewallExceptionList "FwMyApp" DescriptionAdd="Adding MyApp to the firewall exception list" DescriptionRemove="Removing MyApp from the firewall exception list">
The required header code (also installed by MAKEMSI):
;----------------------------------------------------------------------------
;
; MODULE NAME: FireWall[ChristophMockenhaupt].mmh
;
; $Author: USER "Dennis" $
; $Revision: 1.1 $
; $Date: 07 Aug 2008 19:24:30 $
; $Logfile: C:/DBAREIS/Projects.PVCS/Win32/MakeMsi/FireWall[ChristophMockenhaupt].mmh.pvcs $
;
; This was supplied by Christoph Mockenhaupt in email dated 18 July 2008,
; his comments:
;
; I created a macro to modify the MS Windows Firewall exception list
; at install time.
;
; The action is rollback aware, the macro can be called more than once
; to add more than one file, and can handle features.
;
; I think there is enough documentation in the code to understand what it does.
;----------------------------------------------------------------------------
;###
;### Adds/removes a program from the windows firewall exception list on install/uninstall
;###
;### Needs the extended predefined definitions for conditions described in
;### MAKEMSI doco "Conditions - Predefined by MAKEMSI"
;###
#include "FeatureAndComponentStates.mmh"
#ifndef FIREWALL_MMH
#define FIREWALL_MMH
#NextId
#NextId LOCK "FIREWALL.MMH"
; The vbs code to add/remove an application to/from the firewall exception list
#( '<?NewLine>'
#define @@FirewallVbs
; first we need a VBScript custom action which uses the windows firewall manager api to add/remove a program
<$VbsCa Binary="Firewall.vbs" Pause="N">
<$VbsCaEntry "AddApplicationToExceptionList">
CaDebug 0, "Adding application to Windows firewall exception list"
Const NET_FW_IP_VERSION_ANY = 2
Const NET_FW_SCOPE_ALL = 0
Dim objFirewall
Dim objAuthApp
Dim objProfile
Dim strRemoteAddresses : strRemoteAddresses = ""
' Enable Application
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objAuthApp = CreateObject("HNetCfg.FwAuthorizedApplication")
Set objProfile = objFirewall.LocalPolicy.CurrentProfile
CaDebug 0, "Setting friendly application name to " & VbsCaCadGet("FriendlyName")
objAuthApp.Name = VbsCaCadGet("FriendlyName")
CaDebug 0, "Setting image file name to " & VbsCaCadGet("FullPath")
objAuthApp.ProcessImageFileName = VbsCaCadGet("FullPath")
objAuthApp.Enabled = True
objAuthApp.IpVersion = NET_FW_IP_VERSION_ANY
objAuthApp.Scope = NET_FW_SCOPE_ALL ' the scope will be overwritten if RemoteAddress other than "" or "*" is specified
CaDebug 0, "If the following call of VbsCaCadGet(RemoteAddresses) fails, no addresses were specified in the data field. This is OK."
On Error Resume Next
strRemoteAddresses = VbsCaCadGet("RemoteAddresses")
err.clear
On Error Goto 0
if strRemoteAddresses <> "" then
CaDebug 0, "Setting remote addresses to " & strRemoteAddresses
objAuthApp.RemoteAddresses = strRemoteAddresses
end if
objProfile.AuthorizedApplications.Add objAuthApp
CaDebug 0, "Done"
<$/VbsCaEntry>
<$VbsCaEntry "RemoveApplicationFromExceptionList">
CaDebug 0, "Removing application from Windows firewall exception list"
Dim objFirewall ' As INetFwMgr
Dim objProfile
' Disable Application
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objProfile = objFirewall.LocalPolicy.CurrentProfile
CaDebug 0, "Using path " & VbsCaCadGet("FullPath") & " for removal"
objProfile.AuthorizedApplications.Remove VbsCaCadGet("FullPath")
CaDebug 0, "Done"
<$/VbsCaEntry>
<$/VbsCa>
#)
; include the Firewall.vbs code (must only be added once)
dim @@FirewallBinaryExists : @@FirewallBinaryExists = ""
<$Table "Binary">
<$Row @Where="Name = 'Firewall.vbs'" @Code="Y">
@@FirewallBinaryExists = <$COLSTR.Binary.Name>
<$/Row>
<$/Table>
if @@FirewallBinaryExists = "" then
say "Adding firewall vbs code to the binary table."
<$@@FirewallVbs>
end if
#( '<?NewLine>'
;###
;### This Macro is used to create a custom action to add an application to the Windows firewall exception list (Ports are not supported).
;### Parameters:
;### Data (positional) - the name of a two or three column #data block with the Parameters "FullPath", "FriendlyName", and "RemoteAddresses" (optional)
;### * FullPath: The full path to the application (e.g. "[INSTALLDIR]TryMy.exe")
;### * FriendlyName: A friendly name for the application, this will be shown in the exception list (e.g. "TryMe (simple MAKEMSI test MSI)" or simply "<$ProdInfo.ProductName>")
;### * RemoteAddresses: RemoteAddresses property of the INetFwAuthorizedApplication Interface, use "" or "*" to disable (see http://msdn.microsoft.com/en-us/library/aa365270(VS.85).aspx)
;### DescriptionAdd (optional) - This will appear in any MSI log as well as progress bar line #1 when an entry is added to the exception list, defaults to "Setting up Windows firewall"
;### DescriptionRemove(optional) - This will appear in any MSI log as well as progress bar line #1 when an entry is removed from the exception list, defaults to "Setting up Windows firewall"
;### Feature (optional) - The name of the feature the generated firewall rule belongs to
;###
;### This Macro can be called several times to add more than one file to the exception list. The name of the supplied data field must be unique!
;###
#define CaAddApplicationToFirewallExceptionList
;--- Do some parameter validations --------------------------------------
{$!KEYWORDS} ;;Don't expect any keywords
{$!:#1,DESCRIPTIONADD,DESCRIPTIONREMOVE,FEATURE} ;;List all valid parameters
#if ['<?Data:{$#1}>' == '']
#error ^The "{$#1}" data structure does not exist!^
#else
#if [<?Data:{$#1}.?> < 2]
#error ^Please pass a valid #data structure. It must have at least two rows defining the parameters "FullPath" and "FriendlyName". Parameter "RemoteAddresses" is optional.^
#endif
#endif
;--- Set up the deferred custom actions -----------------------------------
; these are the standard definitions, add to exception list on install, remove it on uninstall
#define+ @@CONDITION_FIREWALL_INSTALL <$CONDITION_INSTALL_ONLY> ;;condition for install and rollback during install
#define+ @@CONDITION_FIREWALL_UNINSTALL <$CONDITION_UNINSTALL_ONLY> ;;condition for uninstall and rollback during uninstall
#define+ @@SharedFeature {$Feature=^^} ;;Get "feature" parameter passed by invoker
#if ['<$@@SharedFeature>' = '']
;--- No feature passed, are we nested within one --------------------
#define+ @@SharedFeature <$Feature? QUERY="Y">
#endif
#if ['<$@@SharedFeature>' <> '']
; if this action is based on a feature, add to exception list if the feature will be installed; remove it if the feature will be uninstalled or becomes advertised
#define+ @@CONDITION_FIREWALL_INSTALL <$FeatureWillBe "<$@@SharedFeature>" STATE="LOCAL">
#define+ @@CONDITION_FIREWALL_UNINSTALL <$FeatureIs "<$@@SharedFeature>" STATE="LOCAL"> AND (<$FeatureWillBe "<$@@SharedFeature>" STATE="ABSENT"> OR <$FeatureWillBe "<$@@SharedFeature>" STATE="ADVERTISED">)
#endif
; on rollback during install
<$VbsCaSetup Data="{$#1}" Binary="Firewall.vbs" Key="{$#1}_FirewallRollBackAdd" Entry="RemoveApplicationFromExceptionList" Seq="InstallFiles-" CONDITION=^<$@@CONDITION_FIREWALL_INSTALL>^ Type="Deferred Rollback System" Description="{$DescriptionRemove='Setting up Windows firewall'}">
; on install
<$VbsCaSetup Data="{$#1}" Binary="Firewall.vbs" Key="{$#1}_FirewallAdd" Entry="AddApplicationToExceptionList" Seq="InstallFiles-" CONDITION=^<$@@CONDITION_FIREWALL_INSTALL>^ Type="Deferred System" Description="{$DescriptionAdd='Setting up Windows firewall'}">
; on uninstall
<$VbsCaSetup Data="{$#1}" Binary="Firewall.vbs" Key="{$#1}_FirewallRemove" Entry="RemoveApplicationFromExceptionList" Seq="<-RemoveFiles" CONDITION=^<$@@CONDITION_FIREWALL_UNINSTALL>^ Type="Deferred System" Description="{$DescriptionRemove}">
; on rollback during uninstall
<$VbsCaSetup Data="{$#1}" Binary="Firewall.vbs" Key="{$#1}_FirewallRollBackRemove" Entry="AddApplicationToExceptionList" Seq="<-RemoveFiles" CONDITION=^<$@@CONDITION_FIREWALL_UNINSTALL>^ Type="Deferred Rollback System" Description="{$DescriptionAdd}">
#)
#NextId UNLOCK "FIREWALL.MMH"
#endif ;; !FIREWALL_MMH
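To check what the custom action registered after an install, or left behind after an uninstall, the same HNetCfg.FwMgr object can be read back. The script below is an added example and is not part of the supplied header or of MAKEMSI; the file name and the [ANY-REMOTE] and [ORPHANED] labels are hypothetical.

```vbscript
' Added example (not part of FIREWALL.MMH): list the current profile's
' authorized applications and flag entries worth a second look.
' Run with: cscript //nologo AuditFwExceptions.vbs   (hypothetical file name)
Option Explicit
Const NET_FW_SCOPE_ALL = 0
Const NET_FW_SCOPE_LOCAL_SUBNET = 1
Const NET_FW_SCOPE_CUSTOM = 2

Function ScopeName(intScope)
    Select Case intScope
        Case NET_FW_SCOPE_ALL          : ScopeName = "ALL"
        Case NET_FW_SCOPE_LOCAL_SUBNET : ScopeName = "LOCAL_SUBNET"
        Case NET_FW_SCOPE_CUSTOM       : ScopeName = "CUSTOM"
        Case Else                      : ScopeName = "UNKNOWN(" & intScope & ")"
    End Select
End Function

Dim objFirewall, objProfile, objApp, objFso, objShell
Dim strImage, strFlags, intFindings
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objProfile  = objFirewall.LocalPolicy.CurrentProfile
Set objFso      = CreateObject("Scripting.FileSystemObject")
Set objShell    = CreateObject("WScript.Shell")
intFindings = 0

For Each objApp In objProfile.AuthorizedApplications
    strFlags = ""
    ' Enabled and reachable from any remote address: what the macro creates
    ' when "RemoteAddresses" is omitted or set to "*"
    If objApp.Enabled And (objApp.Scope = NET_FW_SCOPE_ALL Or objApp.RemoteAddresses = "*") Then
        strFlags = strFlags & " [ANY-REMOTE]"
    End If
    ' The image path may contain environment variables; expand before testing.
    ' A missing image means the entry outlived the program it was created for.
    strImage = objShell.ExpandEnvironmentStrings(objApp.ProcessImageFileName)
    If Not objFso.FileExists(strImage) Then
        strFlags = strFlags & " [ORPHANED]"
    End If
    If strFlags <> "" Then intFindings = intFindings + 1
    WScript.Echo objApp.Name & vbTab & strImage & vbTab & _
                 "enabled=" & objApp.Enabled & vbTab & _
                 "scope=" & ScopeName(objApp.Scope) & vbTab & _
                 "remote=" & objApp.RemoteAddresses & strFlags
Next

WScript.Echo intFindings & " flagged entries"
If intFindings > 0 Then WScript.Quit 1
```

Like the custom action, this reads only the profile that is current when it runs, so an entry added while a different profile was active will not appear.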