FireBrick Firewall - Steam Client: Difference between revisions
CrazyTeeka (talk | contribs) |
CrazyTeeka (talk | contribs) No edit summary |
||
Line 11: | Line 11: | ||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
||
<host name="a1697.g.akamai.net" |
<host name="a1697.g.akamai.net" |
||
ip="23.63.99.219 23.67.255.202"/> |
ip="23.63.99.219 23.67.255.202 104.86.110.24 104.86.110.75"/> |
||
<host name="a1737.g.akamai.net" |
<host name="a1737.g.akamai.net" |
||
ip="23.63.99.208 23.63.99.240"/> |
ip="23.63.99.208 23.63.99.240 104.86.110.24 104.86.110.81"/> |
||
<host name="a1843.g.akamai.net" |
<host name="a1843.g.akamai.net" |
||
ip="23.67.255.200 23.67.255.208"/> |
ip="23.67.255.200 23.67.255.208 104.86.110.27 104.86.110.35"/> |
||
<host name="api.steampowered.com" |
<host name="api.steampowered.com" |
||
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/> |
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/> |
||
Line 28: | Line 28: | ||
<host name="clientconfig.akamai.steamstatic.com" |
<host name="clientconfig.akamai.steamstatic.com" |
||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
||
<host name="dreamfallchapters.azurewebsites.net" |
|||
ip="191.238.8.26"/> |
|||
<host name="images.akamai.steamusercontent.com" |
<host name="images.akamai.steamusercontent.com" |
||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
||
Line 35: | Line 37: | ||
ip="205.185.216.10 205.185.216.42"/> |
ip="205.185.216.10 205.185.216.42"/> |
||
<host name="media3.steampowered.com" |
<host name="media3.steampowered.com" |
||
ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.94 8.254.191.238"/> |
ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.46 8.254.191.94 8.254.191.238"/> |
||
<host name="media4.steampowered.com" |
<host name="media4.steampowered.com" |
||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
||
Line 41: | Line 43: | ||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
||
<host name="steamcdn-a.akamaihd.net" |
<host name="steamcdn-a.akamaihd.net" |
||
ip="23.67.255.200 23.67.255.208"/> |
ip="23.67.255.200 23.67.255.208 104.86.110.27 104.86.110.35"/> |
||
<host name="steamcloud-dub.s3.amazonaws.com" |
|||
ip="54.231.134.106"/> |
|||
<host name="steamcloud-eu.storage.googleapis.com" |
<host name="steamcloud-eu.storage.googleapis.com" |
||
ip="216.58.213.112"/> |
ip="216.58.198.208 216.58.198.240 216.58.213.112"/> |
||
<host name="steamcloudams.blob.core.windows.net" |
<host name="steamcloudams.blob.core.windows.net" |
||
ip="168.61.58.14"/> |
ip="168.61.58.14"/> |
||
Line 49: | Line 53: | ||
ip="191.235.193.40"/> |
ip="191.235.193.40"/> |
||
<host name="steamcommunity-a.akamaihd.net" |
<host name="steamcommunity-a.akamaihd.net" |
||
ip="23.63.99.219 23.67.255.202"/> |
ip="23.63.99.219 23.67.255.202 104.86.110.24 104.86.110.75"/> |
||
<host name="steamcommunity.com" |
<host name="steamcommunity.com" |
||
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/> |
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/> |
||
<host name="steamstore-a.akamaihd.net" |
<host name="steamstore-a.akamaihd.net" |
||
ip="23.63.99.208 23.63.99.240"/> |
ip="23.63.99.208 23.63.99.240 104.86.110.24 104.86.110.81"/> |
||
<host name="store.akamai.steamstatic.com" |
<host name="store.akamai.steamstatic.com" |
||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
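Review bot: Several addresses this revision adds to the static DNS table have no matching `target-ip` in the "Steam Client: Outbound" rule-set shown in the resulting page, so a pinned name can resolve to a destination that the "Deny All" rule then rejects for the listed MACs. In the visible revision this applies to `8.254.191.46` (media3), `216.58.198.208 216.58.198.240` (steamcloud-eu), `191.238.8.26` (dreamfallchapters) and `54.231.134.106` (steamcloud-dub); the added `104.86.110.x` entries are covered by `104.86.110.0/23`. Each new pin should come with the matching rule change in the same edit, for example `target-ip="216.58.198.208 216.58.198.240 216.58.213.112"` on the "Google Cloud" rule, or the pin should be left out. Pinned CDN addresses also go stale as providers reassign them, so a short comment recording when each entry was last resolved would help the next editor.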
Revision as of 10:31, 6 March 2016
This firewall allows both inbound and outbound traffic for the Steam client; all other traffic is blocked.
Static DNS
Static DNS pins each hostname to fixed IP addresses, so that the addresses clients resolve are the same ones the firewall rules allow:
<!-- Static DNS table: each <host> pins a Steam-related name to a fixed set of addresses so that clients resolve to the addresses the firewall rules on this page are written for. -->
<!-- The addresses are a snapshot from this revision (6 March 2016). CDN and cloud providers reassign addresses, so re-resolve every name and update the firewall target-ip lists together before reusing this block. -->
<!-- resolvers= lists the upstream DNS servers; presumably names not pinned below are forwarded to them (confirm against the FireBrick manual). -->
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21">
<host name="a1507.d.akamai.net"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="a1697.g.akamai.net"
ip="23.63.99.219 23.67.255.202 104.86.110.24 104.86.110.75"/>
<host name="a1737.g.akamai.net"
ip="23.63.99.208 23.63.99.240 104.86.110.24 104.86.110.81"/>
<host name="a1843.g.akamai.net"
ip="23.67.255.200 23.67.255.208 104.86.110.27 104.86.110.35"/>
<host name="api.steampowered.com"
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
<host name="cdn.akamai.steamstatic.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="cdn.store.steampowered.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="cgpromotion.azurewebsites.net"
ip="104.40.183.236"/>
<host name="cgpromotion.blob.core.windows.net"
ip="168.61.57.78"/>
<host name="clientconfig.akamai.steamstatic.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<!-- NOTE(review): 191.238.8.26 does not appear in any target-ip of the "Steam Client: Outbound" rule-set on this page (the "Microsoft Cloud" rule lists four other addresses). -->
<host name="dreamfallchapters.azurewebsites.net"
ip="191.238.8.26"/>
<host name="images.akamai.steamusercontent.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="media.steampowered.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="media2.steampowered.com"
ip="205.185.216.10 205.185.216.42"/>
<!-- NOTE(review): 8.254.191.46 is pinned here but is missing from the "Level3 CDN" rule's target-ip list on this page. -->
<host name="media3.steampowered.com"
ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.46 8.254.191.94 8.254.191.238"/>
<host name="media4.steampowered.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="repo.steampowered.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="steamcdn-a.akamaihd.net"
ip="23.67.255.200 23.67.255.208 104.86.110.27 104.86.110.35"/>
<!-- NOTE(review): 54.231.134.106 does not appear in any target-ip of the "Steam Client: Outbound" rule-set on this page. -->
<host name="steamcloud-dub.s3.amazonaws.com"
ip="54.231.134.106"/>
<!-- NOTE(review): the "Google Cloud" rule on this page lists only 216.58.213.112; the two 216.58.198.x addresses pinned here are not in it. -->
<host name="steamcloud-eu.storage.googleapis.com"
ip="216.58.198.208 216.58.198.240 216.58.213.112"/>
<host name="steamcloudams.blob.core.windows.net"
ip="168.61.58.14"/>
<host name="steamclouddub.blob.core.windows.net"
ip="191.235.193.40"/>
<host name="steamcommunity-a.akamaihd.net"
ip="23.63.99.219 23.67.255.202 104.86.110.24 104.86.110.75"/>
<host name="steamcommunity.com"
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
<host name="steamstore-a.akamaihd.net"
ip="23.63.99.208 23.63.99.240 104.86.110.24 104.86.110.81"/>
<host name="store.akamai.steamstatic.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="store.steampowered.com"
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
</dns>
Firewall
Outbound Rules - Change the MAC addresses in the source-mac= attribute to your own:
<!-- Outbound rule-set: applies to traffic entering on the LAN interface and leaving via pppoe. protocol="6" is TCP and protocol="17" is UDP (IANA protocol numbers). -->
<!-- no-match-action="continue": traffic that matches no rule here is not decided by this rule-set; presumably it is handed to the next rule-set (confirm against the FireBrick manual). -->
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue">
<!-- The NTP, TCP and UDP rules below carry no target-ip and no source-mac, so they accept these ports to any destination for any LAN host that reaches this rule-set, not only for Steam servers or the two listed machines. -->
<rule name="NTP"
target-port="123"
protocol="17"
action="accept"/>
<rule name="TCP"
target-port="27014-27050"
protocol="6"
action="accept"/>
<rule name="UDP"
target-port="3478 4379 4380 27000-27030"
protocol="17"
action="accept"/>
<!-- The remaining accept rules allow TCP 80 and 443 only to the listed addresses. These lists must stay in step with the static DNS table; an address pinned in DNS but absent here falls through to "Deny All" for the listed MACs. -->
<rule name="Akamai CDN"
target-ip="23.63.98.0/23 23.67.255.0/24 23.195.64.0/20 23.205.212.0/22 92.122.218.0/23 104.71.176.0/20 104.86.110.0/23 173.223.176.0/20"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Google Cloud"
target-ip="216.58.213.112"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Highwinds CDN"
target-ip="205.185.216.10 205.185.216.42"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Level3 CDN"
target-ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.94 8.254.191.238 212.73.205.178"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Microsoft Cloud"
target-ip="104.40.183.236 168.61.57.78 168.61.58.14 191.235.193.40"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Paypal Payments"
target-ip="66.235.148.64 66.235.148.128/31"
target-port="80 443"
protocol="6"
action="accept"/>
<rule name="Telia Network"
target-ip="62.115.11.250 80.239.194.146"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- NOTE(review): 162.254.198.0/32 matches a single address; next to the /22 and /23 neighbours this looks like it may have been meant as a wider prefix. Verify against the provider's published ranges before relying on it. -->
<rule name="Valve Software"
target-ip="103.10.124.0/24 146.66.155.0/24 155.133.245.0/24 155.133.248.0/24 162.254.192.0/22 162.254.196.0/23 162.254.198.0/32 205.196.6.0/24"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- "Deny All" is the only rule with source-mac: it rejects whatever the rules above did not accept, but only for the two listed MAC addresses (replace them with your own). Other LAN hosts do not match it and fall through to no-match-action. -->
<rule name="Deny All"
source-mac="408D5C57F303 D8CB8AA2464E"
action="reject"/>
</rule-set>
Inbound Rules - Change the IP address in the target-ip= attribute to your own:
<!-- Inbound rule-set: applies to traffic leaving via the LAN interface. no-match-action="reject" means anything not matched by a rule below is rejected. -->
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject">
<!-- Matches traffic originating from the FireBrick itself. No action attribute is set, so the outcome depends on the device's default rule action (confirm against the FireBrick manual). -->
<rule name="Allow Firebrick" source-interface="self"/>
<!-- These two rules have no source restriction: any remote address may open sessions to the listed ports on 217.169.11.114/31 (two addresses; replace with your own). protocol="6" is TCP, protocol="17" is UDP. -->
<!-- NOTE(review): keep these only if the hosts must accept unsolicited inbound Steam connections; replies to sessions opened from the LAN are presumably handled by session tracking (confirm). -->
<rule name="TCP" target-ip="217.169.11.114/31" target-port="27014-27050" protocol="6" action="accept"/>
<rule name="UDP" target-ip="217.169.11.114/31" target-port="3478 4379 4380 27000-27030" protocol="17" action="accept"/>
</rule-set>
Technical Notes
Steam used to have a huge number of servers (some from Limelight CDN) located around the world, and older versions of the software used an inefficient method to connect users to the servers.
Steam has made a big improvement on the game delivery system by using 3 different high performing CDN companies, Akamai, Highwinds and Level 3.
- media.steampowered.com = Akamai
- media2.steampowered.com = Highwinds
- media3.steampowered.com = Level 3
- media4.steampowered.com = Akamai
When Steam starts, it downloads a small file from http://client-download.steampowered.com/client/ that lists the client files with their SHA-1 checksums and sizes in bytes, and uses it to check whether Steam is up to date.
If Steam is outdated, it selects one of the CDN hosts at random and downloads the updated files from that host.
Origin Server
The origin server is where each CDN will pull the files from. The origin server has a hostname of cdn-01-origin.steampowered.com or cdn-01.steampowered.com.
Steam Cloud
The steam cloud normally stores saved game data, allowing you to use that data on another system.
Here is a list of which hostnames belong to which game:
Deponia (The Complete Journey)
- cgpromotion.azurewebsites.net
- cgpromotion.blob.core.windows.net
Deponia Doomsday
- cgpromotion.azurewebsites.net
- cgpromotion.blob.core.windows.net
Dreamfall Chapters
- dreamfallchapters.azurewebsites.net
- steamcloud-dub.s3.amazonaws.com