[wpkg-users] Windows XP firewall strangeness...

Marco Gaiarin gaio at sv.lnf.it
Mon Oct 8 10:40:03 CEST 2012 

It is some year that i set the windows firewall with 'netsh firewall'
in a wpkg recipe, using 'execute once'.
Some days ago, i've found a internet page that explain how the setting
are saved, in registry, so i've modified the recipe as:

        <check type="logical" condition="and">
                <check type="registry" condition="equals" path="HKLM\System\CurrentControlSet\Services\SharedAccess\Start" value="2" />
                <check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall" value="1" />
                <check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\WPKGConfigVersion" value="20121005" />
        </check>
        
        <install cmd='%WPKGROOT%\packages\firewall.bat' />
        <install cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy" /f /v "WPKGConfigVersion" /t REG_SZ /d "20121005"' />

(firewall.bat sets the rules using 'netsh firewall' commands).

Recipe do what expected (eg, firewall rules are applied correctly and works),
but recipe fail, because there's no the EnableFirewall value on
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
registry key.
If i use the control panel firewall graphical interface, firewall
rules, and for example i disable and re-enable it, these registry
keys/value come back as expected.


For now i've added to the recipe:
        <install cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /f /v "EnableFirewall" /t REG_DWORD /d "1"' />
        <install cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /f /v "DoNotAllowExceptions" /t REG_DWORD /d "0"' />
        <install cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" /f /v "DisableNotifications" /t REG_DWORD /d "0"' />

but i'm curious to know what happen... Tnx.

-- 
dott. Marco Gaiarin				    GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''                http://www.sv.lnf.it/
  Polo FVG  -  Via della Bontà, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)sv.lnf.it	  tel +39-0434-842711  fax +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
	   http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the wpkg-users mailing list