关于通过防火墙扩展在wix安装程序中添加防火墙例外的问题 [英] Questions about add firewall exception in wix installer by firewall extension

查看:137
本文介绍了关于通过防火墙扩展在wix安装程序中添加防火墙例外的问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我是 Wix安装程序的新手。我正在尝试为我的程序添加防火墙例外

I am new to Wix installer. I am trying to add firewall exception for my program. 

<Component Id="_VIEW.EXE" Guid="*" Transitive="yes">
     <File Id="view.exe"
           Name="view.exe"
           KeyPath="yes"
           Source="$(var.INSTALLSOURCE)\view.exe">
       <fire:FirewallException Id="view_firewall_domain_tcp"
                               Name="View"
                               Protocol="tcp"
                               Scope="any"
                               IgnoreFailure="yes"
                               Profile="domain" />
       <fire:FirewallException Id="view_firewall_domain_udp"
                               Name="View"
                               Protocol="udp"
                               Scope="any"
                               IgnoreFailure="yes"
                               Profile="domain" />
       <fire:FirewallException Id="view_firewall_private_tcp"
                               Name="View"
                               Protocol="tcp"
                               Scope="any"
                               IgnoreFailure="yes"
                               Profile="private" />
       <fire:FirewallException Id="view_firewall_private_udp"
                               Name="View"
                               Protocol="udp"
                               Scope="any"
                               IgnoreFailure="yes"
                               Profile="private" />
     </File>
  </Component>

在我的代码中,我添加了 4个防火墙例外,每个例外都有不同 个人资料协议属性的值。我的预期结果是创建了4个异常:

In my code, I add 4 firewall exception and each exception has different value for "Profile" and "Protocol" attributes. My expected result is 4 exceptions created:

NAME  GROUP   Profile   Enabled  Action  Override  Program           Local Address   Remote Address   Protocol   Local Port   Remote Port   Allowed Users  Allowed Computers
view          Domain     Yes     Allow    No       c:\test\view.exe    Any               Any            TCP         Any         Any             Any            Any
view          Domain     Yes     Allow    No       c:\test\view.exe    Any               Any            UDP         Any         Any             Any            Any
view          Private    Yes     Allow    No       c:\test\view.exe    Any               Any            TCP         Any         Any             Any            Any
view          Private    Yes     Allow    No       c:\test\view.exe    Any               Any            UDP         Any         Any             Any            Any

但实际结果只是一个例外创建n,并且 Protocol属性的值为 any,而不是 TCP UDP

But the actual result is only one exception is created and the value of "Protocol" attribute is "any" instead of "TCP" or "UDP":

NAME  GROUP   Profile   Enabled  Action  Override  Program           Local Address   Remote Address   Protocol   Local Port   Remote Port   Allowed Users  Allowed Computers
view          Domain     Yes     Allow    No       c:\test\view.exe    Any               Any            Any         Any         Any             Any            Any



所以,我有两个问题:



So, I have two questions:


  1. 为什么仅创建一个例外?例外的名称必须唯一吗?

  2. 协议属性的值为什么不生效?

我引用了有关防火墙扩展的官方文档:
http://wixtoolset.org/documentation/manual/v3/xsd/firewall/firewallexception.html
在文档中,我看到了有关文件属性的一些描述:

I refer an official document about firewall extension: http://wixtoolset.org/documentation/manual/v3/xsd/firewall/firewallexception.html In the document, I saw some description about "File" attribute:


要授予对所有传入端口和协议的访问权限的文件的标识符。如果使用文件,则不能同时使用程序。
如果您在同一FirewallException元素中同时使用文件以及端口或协议,则该异常将无法安装在Windows XP和Windows Server 2003上。IgnoreFailure = yes可用于忽略导致的故障,但是该异常不会被添加。

Identifier of a file to be granted access to all incoming ports and protocols. If you use File, you cannot also use Program. If you use File and also Port or Protocol in the same FirewallException element, the exception will fail to install on Windows XP and Windows Server 2003. IgnoreFailure="yes" can be used to ignore the resulting failure, but the exception will not be added.

这是否意味着如果我为程序设置了防火墙规则,则协议和端口属性

Does it mean that if I set firewall rule for a program, the "Protocol" and "Port" attributes will be "Any" automatically even I set "Protocol"?

推荐答案

现有的wix FirewallException自定义操作将使用XP / Server2003 Windows防火墙API。在此API中,为特定的可执行文件设置防火墙例外意味着将为该例外打开所有端口和所有协议。

The existing wix FirewallException custom actions make use of the XP/Server2003 windows firewall API. In this API, setting a firewall exception for a particular executable implies that all ports and all protocols will be opened to the exception.

作为参考, XP / Server2003防火墙API接口。请注意,INetFwOpenPort可以获取/设置端口,而INetFwAuthorizedApplication则不能。

For reference, the XP/Server2003 firewall API interfaces. Notice that INetFwOpenPort has the ability to get/set the port, while INetFwAuthorizedApplication does not.

如果要在程序上创建防火墙例外并明确限制端口,协议和域,您将需要使用Vista附带的Windows高级防火墙API。看看这些参考:
高级概述

参考指南

命令行参考指南

If you want to create a firewall exception on a program and explicitly limit the port, protocol, and domain you'll need to make use of the windows 'advanced' firewall API that came with Vista. Check out these references: Highlevel overview
Reference guide
Command-line reference guide

遗憾的是,还没有人使用wix来实现AdvancedFirewallException扩展,该扩展使用了这些更新的API。也许我会进行一次kickstarter广告系列,看看是否有兴趣为开发提供资金; P

Sadly, nobody has yet implemented an AdvancedFirewallException extension for wix that makes use of these updated APIs. Maybe I'll run a kickstarter campaign to see if there interest in funding the development ;P

这篇关于关于通过防火墙扩展在wix安装程序中添加防火墙例外的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆