Add firewall exception

About

This is custom created predefined action by Master Packager team that sets and removes firewall exceptions.
It allows you to define Windows Firewall rules for specific applications, controlling inbound or outbound traffic. The predefined action executes under SYSTEM privileges, enabling firewall changes without requiring user confirmation.

Firewall rules created with this action appear under Windows Defender Firewall - Advanced Settings, in either Inbound or Outbound rules.

Master Packager Advanced Editor - Predefined Custom Actions - Add firewall exception

Note: To remove a firewall exception during uninstall, you must use the exact same Exception Name that was used when adding the rule.

How to use it?

  1. Open MSI/MST with Master Packager

  2. Click on Custom Actions in the left menu

  3. Click on the Predefined Actions tab

  4. Click Add New Predefined Action and choose Add firewall exception

  5. Set the Exception Name for your firewall rule

  6. Set the full path for the executable that needs the firewall rule by clicking the three dots and choosing the file

  7. Set whether the rule is Inbound or Outbound

  8. Choose the profiles where the rule should apply:

    • Public – for public networks like cafés or airports
    • Private – for home or trusted networks
    • Domain – for networks managed by an organization
  9. Set the protocol for the rule:

    • TCP (Transmission Control Protocol) – Reliable, connection-based communication. Use for apps needing guaranteed delivery (e.g. web, email, file transfer).
    • UDP (User Datagram Protocol) – Faster, connectionless communication. Use for apps needing speed over reliability

To configure removal of the firewall rule during uninstall:

  • Go to the right menu
  • Select Remove firewall exception
  • Enter the Exception Name that matches the rule you want to remove

💡 You can define multiple firewall rules within the same package if needed.