FireBrick Firewall - Steam Client: Difference between revisions
CrazyTeeka (talk | contribs) |
CrazyTeeka (talk | contribs) m (PayPal (1)) |
||
(54 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
This firewall allows both inbound and outbound traffic to the steam client, all other traffic is |
This firewall allows both inbound and outbound traffic to reach the steam client, all other traffic is rejected. It is written for gaming systems that will only be using the steam client. |
||
=Static DNS= |
=Static DNS= |
||
Static DNS |
Static DNS manages control over which IP's the steam client can use: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21"> |
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21"> |
||
<host name="api.steampowered.com" ip="23.205.213.78"/> |
|||
<host name="cdn.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/> |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="cdn.store.steampowered.com" ip="23.63.98.26 23.63.98.32"/> |
|||
<host name="cgpromotion.azurewebsites.net" ip="104.40.183.236"/> |
|||
ip="23.63.99.219 23.67.255.202"/> |
|||
<host name="cgpromotion.blob.core.windows.net" ip="168.61.57.78"/> |
|||
<host name="clientconfig.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/> |
|||
<host name="crash.steampowered.com" ip="208.64.203.140 208.64.203.173"/> |
|||
<host name="crl4.digicert.com" ip="66.225.197.197"/> |
|||
ip="23.67.255.200 23.67.255.208"/> |
|||
<host name="dreamfallchapters.azurewebsites.net" ip="191.238.8.26"/> |
|||
<host name="api.steampowered.com" |
|||
<host name="images.akamai.steamusercontent.com" ip="23.63.98.26 23.63.98.32"/> |
|||
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/> |
|||
<host name="media.steampowered.com" ip="23.63.98.26 23.63.98.32"/> |
|||
<host name="media2.steampowered.com" ip="205.185.216.10 205.185.216.42"/> |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="media3.steampowered.com" ip="8.253.70.30 8.253.70.110"/> |
|||
<host name="media4.steampowered.com" ip="23.63.98.26 23.63.98.32"/> |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="ocsp.digicert.com" ip="93.184.220.29"/> |
|||
<host name="paypal.d1.sc.omtrdc.net" ip="66.235.148.64"/> |
|||
<host name="repo.steampowered.com" ip="23.63.98.26 23.63.98.32"/> |
|||
<host name="s1.symcb.com" ip="2.22.133.163"/> |
|||
<host name="s2.symcb.com" ip="2.22.139.27"/> |
|||
<host name="steamcdn-a.akamaihd.net" ip="23.67.255.200 23.67.255.208"/> |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="steamcloud-eu.storage.googleapis.com" ip="216.58.198.208 216.58.198.240"/> |
|||
<host name="images.akamai.steamusercontent.com" |
|||
<host name="steamcloudams.blob.core.windows.net" ip="168.61.58.14"/> |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="steamclouddub.blob.core.windows.net" ip="191.235.193.40"/> |
|||
<host name="media.steampowered.com" |
|||
<host name="steamcommunity-a.akamaihd.net" ip="23.63.99.219 23.67.255.202"/> |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="steamcommunity.com" ip="23.63.99.219 23.67.255.202"/> |
|||
<host name="steamstore-a.akamaihd.net" ip="23.63.99.208 23.63.99.240"/> |
|||
<host name="store.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/> |
|||
<host name="store.steampowered.com" ip="23.205.213.78"/> |
|||
ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.94 8.254.191.238"/> |
|||
<host name="t.paypal.com" ip="173.223.190.173"/> |
|||
<host name="www.paypal.com" ip="173.223.190.173"/> |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="www.paypalobjects.com" ip="23.65.43.145"/> |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="steamcdn-a.akamaihd.net" |
|||
ip="23.67.255.200 23.67.255.208"/> |
|||
<host name="steamcloud-eu.storage.googleapis.com" |
|||
ip="216.58.213.112"/> |
|||
<host name="steamcloudams.blob.core.windows.net" |
|||
ip="168.61.58.14"/> |
|||
<host name="steamclouddub.blob.core.windows.net" |
|||
ip="191.235.193.40"/> |
|||
<host name="steamcommunity-a.akamaihd.net" |
|||
ip="23.63.99.219 23.67.255.202"/> |
|||
<host name="steamcommunity.com" |
|||
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/> |
|||
<host name="steamstore-a.akamaihd.net" |
|||
ip="23.63.99.208 23.63.99.240"/> |
|||
<host name="store.akamai.steamstatic.com" |
|||
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/> |
|||
<host name="store.steampowered.com" |
|||
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/> |
|||
</dns> |
</dns> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
=Firewall= |
=Firewall= |
||
Line 66: | Line 45: | ||
Outbound Rules - Change the MAC address in the source-mac= element to your own: |
Outbound Rules - Change the MAC address in the source-mac= element to your own: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue"> |
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue"> |
||
<rule name="NTP" |
<rule name="Steam OS: NTP" |
||
target-port="123" |
target-port="123" |
||
protocol="17" |
protocol="17" |
||
action="accept"/> |
action="accept"/> |
||
<rule name="TCP" |
<rule name="Steam Client: TCP" |
||
target-port="27014-27050" |
target-port="27014-27050" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name="UDP" |
<rule name="Steam Client: UDP" |
||
target-port="3478 4379 4380 27000-27030" |
target-port="3478 4379 4380 27000-27030" |
||
protocol="17" |
protocol="17" |
||
action="accept"/> |
action="accept"/> |
||
<rule name=" |
<rule name="CDN: Akamai" |
||
target-ip="23. |
target-ip="23.32.0.0/11 23.64.0.0/14 23.192.0.0/12 92.122.0.0/15 104.64.0.0/10 173.223.176.0/20" |
||
target-port="80 443" |
target-port="80 443" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name=" |
<rule name="CDN: Highwinds" |
||
target-ip="216. |
target-ip="205.185.216.10 205.185.216.42" |
||
target-port="80 443" |
target-port="80 443" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name=" |
<rule name="CDN: Level 3" |
||
target-ip=" |
target-ip="8.253.70.30 8.253.70.110" |
||
target-port="80 443" |
target-port="80 443" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name=" |
<rule name="Steam Cloud: Amazon Web Services" |
||
target-ip=" |
target-ip="54.231.130.0/23 54.231.132.0/22 54.231.136.0/22 54.231.140.0/23 54.231.142.0/24" |
||
target-port="80 443" |
target-port="80 443" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name=" |
<rule name="Steam Cloud: Google Cloud Platform" |
||
target-ip=" |
target-ip="216.58.198.208 216.58.198.240" |
||
target-port="80 443" |
target-port="80 443" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name=" |
<rule name="Steam Cloud: Microsoft Azure" |
||
target-ip=" |
target-ip="104.40.183.236 168.61.57.78 168.61.58.14 191.235.193.40 191.238.8.26" |
||
target-port="80 443" |
target-port="80 443" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name=" |
<rule name="PayPal Payments" |
||
target-ip=" |
target-ip="2.22.133.163 2.22.139.27 23.65.43.145 66.225.197.197 66.235.148.64 93.184.220.29 173.223.190.173" |
||
target-port="80 443" |
target-port="80 443" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name="Valve Software" |
<rule name="Valve Software" |
||
target-ip="103.10.124.0/ |
target-ip="103.10.124.0/23 146.66.155.0/24 155.133.224.0/19 162.254.192.0/21 205.196.6.0/24 208.64.200.0/22" |
||
target-port="80 443" |
target-port="80 443" |
||
protocol="6" |
protocol="6" |
||
action="accept"/> |
action="accept"/> |
||
<rule name="Deny All" |
<rule name="Deny All" |
||
source-mac=" |
source-mac="D8CB8AA2464E" |
||
action="reject"/> |
action="reject"/> |
||
</rule-set> |
</rule-set> |
||
Line 128: | Line 107: | ||
Inbound Rules - Change the IP address in the target-ip= element to your own: |
Inbound Rules - Change the IP address in the target-ip= element to your own: |
||
<syntaxhighlight> |
<syntaxhighlight lang=xml> |
||
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject"> |
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject"> |
||
<rule name="Allow Firebrick" source-interface="self"/> |
<rule name="Allow Firebrick" source-interface="self"/> |
||
<rule name="TCP" target-ip="217.169.11.114/31" target-port="27014-27050" protocol="6" action="accept"/> |
<rule name="Steam Client: TCP" target-ip="217.169.11.114/31" target-port="27014-27050" protocol="6" action="accept"/> |
||
<rule name="UDP" target-ip="217.169.11.114/31" target-port="3478 4379 4380 27000-27030" protocol="17" action="accept"/> |
<rule name="Steam Client: UDP" target-ip="217.169.11.114/31" target-port="3478 4379 4380 27000-27030" protocol="17" action="accept"/> |
||
</rule-set> |
</rule-set> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
=Technical Notes= |
=Technical Notes= |
||
Steam's game delivery system uses 3 different high performing CDN companies: Akamai, Highwinds and Level 3. |
|||
Steam used to have a huge amount of servers (some from Limelight CDN) located around the world and older versions of the software used an inefficient method to connect users to the servers. |
|||
Steam has made a big improvement on the game delivery system by using 3 different high performing CDN companies, Akamai, Highwinds and Level 3. |
|||
*media.steampowered.com = Akamai |
*media.steampowered.com = Akamai |
||
*media2.steampowered.com = Highwinds |
*media2.steampowered.com = Highwinds |
||
*media3.steampowered.com = Level 3 |
*media3.steampowered.com = Level 3 |
||
*media4.steampowered.com = Akamai |
*media4.steampowered.com = Akamai |
||
==Origin Server== |
|||
Running steam will download a small file from http://client-download.steampowered.com/client/ containing a list of files with SHA-1 checksum and size in bytes to check if steam is up to date. |
|||
The origin server is where each CDN will pull files from. The origin server hostnames are: |
|||
If steam is outdated, it will need to download the updated files by randomly selecting one of the CDN hosts and that host will be used to serve the files. |
|||
*cdn-01-origin.steampowered.com |
|||
*cdn-01.steampowered.com |
|||
== |
==Steam Client== |
||
This documents what hostnames the steam client uses and when. |
|||
The origin server is where each CDN will pull the files from. The origin server has a hostname of cdn-01-origin.steampowered.com or cdn-01.steampowered.com. |
|||
On startup: |
|||
==Steam Cloud== |
|||
*repo.steampowered.com |
|||
*client-download.steampowered.com |
|||
*media.steampowered.com (Randomly Selected) |
|||
*media2.steampowered.com (Randomly Selected) |
|||
*media3.steampowered.com (Randomly Selected) |
|||
*media4.steampowered.com (Randomly Selected) |
|||
*api.steampowered.com |
|||
*clientconfig.akamai.steamstatic.com |
|||
*steamcommunity-a.akamaihd.net |
|||
*store.steampowered.com |
|||
*cdn.akamai.steamstatic.com |
|||
*steamcommunity.com |
|||
*br01.broadcast.fra.steamstatic.com (Randomly Selected) |
|||
*br01.broadcast.lax.steamstatic.com (Randomly Selected) |
|||
*br01.broadcast.lon.steamstatic.com (Randomly Selected) |
|||
*br01.broadcast.ord.steamstatic.com (Randomly Selected) |
|||
*br01.broadcast.sto.steamstatic.com (Randomly Selected) |
|||
*br02.broadcast.fra.steamstatic.com (Randomly Selected) |
|||
*br02.broadcast.lax.steamstatic.com (Randomly Selected) |
|||
*br02.broadcast.lon.steamstatic.com (Randomly Selected) |
|||
*br02.broadcast.ord.steamstatic.com (Randomly Selected) |
|||
*br02.broadcast.sto.steamstatic.com (Randomly Selected) |
|||
*br03.broadcast.fra.steamstatic.com (Randomly Selected) |
|||
*br03.broadcast.lax.steamstatic.com (Randomly Selected) |
|||
*br03.broadcast.lon.steamstatic.com (Randomly Selected) |
|||
*br03.broadcast.ord.steamstatic.com (Randomly Selected) |
|||
*br03.broadcast.sto.steamstatic.com (Randomly Selected) |
|||
*br04.broadcast.fra.steamstatic.com (Randomly Selected) |
|||
*br04.broadcast.lax.steamstatic.com (Randomly Selected) |
|||
*br04.broadcast.lon.steamstatic.com (Randomly Selected) |
|||
*br04.broadcast.ord.steamstatic.com (Randomly Selected) |
|||
*br04.broadcast.sto.steamstatic.com (Randomly Selected) |
|||
Entering the Store: |
|||
The steam cloud normally stores saved game data, allowing you to use that data on another system. |
|||
*store.steampowered.com |
|||
*store.akamai.steamstatic.com |
|||
Exploring your Queue: |
|||
*store.steampowered.com |
|||
*cdn.akamai.steamstatic.com |
|||
PayPal Payments: |
|||
Here is a list of which hostnames belong to which game: |
|||
*store.steampowered.com |
|||
*ocsp.digicert.com |
|||
*crl4.digicert.com |
|||
*www.paypal.com |
|||
*s2.symcb.com |
|||
*s1.symcb.com |
|||
*www.paypalobjects.com |
|||
*paypal.d1.sc.omtrdc.net |
|||
*t.paypal.com |
|||
==Steam Cloud== |
|||
The steam cloud stores a copy of local saved games, allowing you to use them on another system running the steam client. Here is a list of which hostnames belong to which game: |
|||
Deponia |
Deponia: The Complete Journey |
||
*cgpromotion.azurewebsites.net |
*cgpromotion.azurewebsites.net |
||
*cgpromotion.blob.core.windows.net |
*cgpromotion.blob.core.windows.net |
||
Line 175: | Line 202: | ||
*dreamfallchapters.azurewebsites.net |
*dreamfallchapters.azurewebsites.net |
||
*steamcloud-dub.s3.amazonaws.com |
*steamcloud-dub.s3.amazonaws.com |
||
==IP Reference== |
|||
This documents what range of IP's belong to which CDN node and steam hostname. |
|||
cdn.akamai.steamstatic.com:<br> |
|||
cdn.store.steampowered.com:<br> |
|||
clientconfig.akamai.steamstatic.com:<br> |
|||
images.akamai.steamusercontent.com:<br> |
|||
media.steampowered.com:<br> |
|||
media4.steampowered.com:<br> |
|||
repo.steampowered.com:<br> |
|||
store.akamai.steamstatic.com: |
|||
*a1507.d.akamai.net |
|||
*23.63.98.26 (Primary) |
|||
*23.63.98.32 (Primary) |
|||
*23.63.98.10 |
|||
*23.63.98.17 |
|||
*23.63.98.18 |
|||
*23.63.98.19 |
|||
*23.63.98.27 |
|||
*23.63.98.33 |
|||
*23.63.98.41 |
|||
*23.63.98.43 |
|||
*23.63.99.58 |
|||
*23.63.99.90 |
|||
*104.86.110.249 |
|||
*104.86.111.137 |
|||
steamcommunity-a.akamaihd.net: |
|||
*a1697.g.akamai.net |
|||
*23.63.99.219 (Primary) |
|||
*23.67.255.202 (Primary) |
|||
*104.86.110.24 |
|||
*104.86.110.75 |
|||
steamstore-a.akamaihd.net: |
|||
*a1737.g.akamai.net |
|||
*23.63.99.208 (Primary) |
|||
*23.63.99.240 (Primary) |
|||
*104.86.110.24 |
|||
*104.86.110.81 |
|||
steamcdn-a.akamaihd.net: |
|||
*a1843.g.akamai.net |
|||
*23.67.255.200 (Primary) |
|||
*23.67.255.208 (Primary) |
|||
*104.86.110.27 |
|||
*104.86.110.35 |
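Review bot: In the new "Steam Client: Outbound" rule-set only "Deny All" carries `source-mac="D8CB8AA2464E"`; the accept rules above it ("Steam OS: NTP" through "Valve Software") have no source match, so they apply to every host on LAN rather than to the one gaming system. If the intent is to confine just that machine, I would add the same `source-mac=` attribute to each accept rule. The new "CDN: Akamai" rule also accepts TCP 80/443 to whole provider ranges such as `104.64.0.0/10` and `23.32.0.0/11`, which covers far more than the Steam hostnames pinned in the Static DNS block, so the opening claim that all other traffic is rejected deserves a caveat. The section is rendered without +/- markers and the old side of several rules is truncated, so the two revisions could not be compared line by line.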
Latest revision as of 14:44, 17 March 2017
This firewall configuration allows inbound and outbound traffic to reach the Steam client; all other traffic is rejected. It is written for gaming systems that will only be using the Steam client.
Static DNS
Static DNS entries control which IP addresses the Steam client can use:
<!-- Static DNS table: each <host> entry pins one hostname to the fixed address(es) listed in ip=.
     resolvers= lists two IPv6 and two IPv4 resolver addresses. -->
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21">
<!-- NOTE(review): every address below is a point-in-time value for a CDN or third-party service.
     Re-check the entries against live DNS before deploying and periodically afterwards; a stale
     pin sends the client to an address that may no longer serve that hostname. -->
<!-- NOTE(review): the table also pins certificate status hostnames (digicert, symcb) and PayPal
     hostnames. If one of those pins goes stale, revocation checks or payment pages may fail;
     confirm how the client behaves in that case. -->
<host name="api.steampowered.com" ip="23.205.213.78"/>
<host name="cdn.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
<host name="cdn.store.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
<host name="cgpromotion.azurewebsites.net" ip="104.40.183.236"/>
<host name="cgpromotion.blob.core.windows.net" ip="168.61.57.78"/>
<host name="clientconfig.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
<host name="crash.steampowered.com" ip="208.64.203.140 208.64.203.173"/>
<host name="crl4.digicert.com" ip="66.225.197.197"/>
<host name="dreamfallchapters.azurewebsites.net" ip="191.238.8.26"/>
<host name="images.akamai.steamusercontent.com" ip="23.63.98.26 23.63.98.32"/>
<host name="media.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
<host name="media2.steampowered.com" ip="205.185.216.10 205.185.216.42"/>
<host name="media3.steampowered.com" ip="8.253.70.30 8.253.70.110"/>
<host name="media4.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
<host name="ocsp.digicert.com" ip="93.184.220.29"/>
<host name="paypal.d1.sc.omtrdc.net" ip="66.235.148.64"/>
<host name="repo.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
<host name="s1.symcb.com" ip="2.22.133.163"/>
<host name="s2.symcb.com" ip="2.22.139.27"/>
<host name="steamcdn-a.akamaihd.net" ip="23.67.255.200 23.67.255.208"/>
<host name="steamcloud-eu.storage.googleapis.com" ip="216.58.198.208 216.58.198.240"/>
<host name="steamcloudams.blob.core.windows.net" ip="168.61.58.14"/>
<host name="steamclouddub.blob.core.windows.net" ip="191.235.193.40"/>
<host name="steamcommunity-a.akamaihd.net" ip="23.63.99.219 23.67.255.202"/>
<host name="steamcommunity.com" ip="23.63.99.219 23.67.255.202"/>
<host name="steamstore-a.akamaihd.net" ip="23.63.99.208 23.63.99.240"/>
<host name="store.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
<host name="store.steampowered.com" ip="23.205.213.78"/>
<host name="t.paypal.com" ip="173.223.190.173"/>
<host name="www.paypal.com" ip="173.223.190.173"/>
<host name="www.paypalobjects.com" ip="23.65.43.145"/>
</dns>
Firewall
Outbound Rules - Change the MAC address in the source-mac= attribute to your own:
<!-- Outbound rule-set: matches sessions entering on interface LAN and leaving on interface pppoe.
     Sessions that match no rule fall through (no-match-action="continue"). -->
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue">
<!-- NOTE(review): none of the accept rules below has a source-mac or source-ip match, so as
     written they apply to any host on LAN; only "Deny All" at the end is tied to one MAC address.
     Confirm that this is the intended scope. -->
<!-- UDP (protocol 17) port 123 to any destination. -->
<rule name="Steam OS: NTP"
target-port="123"
protocol="17"
action="accept"/>
<!-- TCP (protocol 6) ports 27014-27050 to any destination. -->
<rule name="Steam Client: TCP"
target-port="27014-27050"
protocol="6"
action="accept"/>
<!-- UDP ports 3478, 4379, 4380 and 27000-27030 to any destination. -->
<rule name="Steam Client: UDP"
target-port="3478 4379 4380 27000-27030"
protocol="17"
action="accept"/>
<!-- TCP 80/443 to six address ranges, the largest being a /10 and a /11.
     NOTE(review): these look like whole provider allocations, so the rule permits web traffic
     to every address in them, not only to the Steam hostnames in the static DNS table. Port 80
     is unencrypted HTTP. Narrow the ranges if only the pinned addresses are needed. -->
<rule name="CDN: Akamai"
target-ip="23.32.0.0/11 23.64.0.0/14 23.192.0.0/12 92.122.0.0/15 104.64.0.0/10 173.223.176.0/20"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- The two addresses pinned for media2.steampowered.com in the static DNS table. -->
<rule name="CDN: Highwinds"
target-ip="205.185.216.10 205.185.216.42"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- The two addresses pinned for media3.steampowered.com in the static DNS table. -->
<rule name="CDN: Level 3"
target-ip="8.253.70.30 8.253.70.110"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- NOTE(review): the static DNS table on this page has no amazonaws.com entry; the Steam Cloud
     section lists steamcloud-dub.s3.amazonaws.com. Verify that these ranges still cover it. -->
<rule name="Steam Cloud: Amazon Web Services"
target-ip="54.231.130.0/23 54.231.132.0/22 54.231.136.0/22 54.231.140.0/23 54.231.142.0/24"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- The two addresses pinned for steamcloud-eu.storage.googleapis.com. -->
<rule name="Steam Cloud: Google Cloud Platform"
target-ip="216.58.198.208 216.58.198.240"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- The addresses pinned for the azurewebsites.net and blob.core.windows.net hostnames. -->
<rule name="Steam Cloud: Microsoft Azure"
target-ip="104.40.183.236 168.61.57.78 168.61.58.14 191.235.193.40 191.238.8.26"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- The addresses pinned for the PayPal, digicert and symcb hostnames in the static DNS table.
     Keep this list in step with that table when either one changes. -->
<rule name="PayPal Payments"
target-ip="2.22.133.163 2.22.139.27 23.65.43.145 66.225.197.197 66.235.148.64 93.184.220.29 173.223.190.173"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- TCP 80/443 to six ranges attributed by the rule name to Valve. -->
<rule name="Valve Software"
target-ip="103.10.124.0/23 146.66.155.0/24 155.133.224.0/19 162.254.192.0/21 205.196.6.0/24 208.64.200.0/22"
target-port="80 443"
protocol="6"
action="accept"/>
<!-- Rejects every remaining outbound session from this one source MAC address. Replace the
     value with the gaming system's own address, as the page instructs.
     NOTE(review): a source MAC address is supplied by the sending host, so this match identifies
     the machine but does not authenticate it. -->
<rule name="Deny All"
source-mac="D8CB8AA2464E"
action="reject"/>
</rule-set>
Inbound Rules - Change the IP address in the target-ip= attribute to your own:
<!-- Inbound rule-set: matches sessions leaving on interface LAN. Sessions that match no rule
     are rejected (no-match-action="reject"). -->
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject">
<!-- Matches sessions originating from the FireBrick itself (source-interface="self").
     NOTE(review): no action= attribute is given, so the rule relies on the default action;
     confirm against the FireBrick documentation that this default allows the session. -->
<rule name="Allow Firebrick" source-interface="self"/>
<!-- Accepts TCP 27014-27050 from any source (no source-ip match) to 217.169.11.114/31.
     NOTE(review): a /31 covers two addresses, .114 and .115. If only one system should be
     reachable on these ports, use its single address instead. -->
<rule name="Steam Client: TCP" target-ip="217.169.11.114/31" target-port="27014-27050" protocol="6" action="accept"/>
<!-- Accepts UDP 3478, 4379, 4380 and 27000-27030 from any source to the same two addresses. -->
<rule name="Steam Client: UDP" target-ip="217.169.11.114/31" target-port="3478 4379 4380 27000-27030" protocol="17" action="accept"/>
</rule-set>
Technical Notes
Steam's game delivery system uses 3 different high performing CDN companies: Akamai, Highwinds and Level 3.
- media.steampowered.com = Akamai
- media2.steampowered.com = Highwinds
- media3.steampowered.com = Level 3
- media4.steampowered.com = Akamai
Origin Server
The origin server is where each CDN will pull files from. The origin server hostnames are:
- cdn-01-origin.steampowered.com
- cdn-01.steampowered.com
Steam Client
This section documents which hostnames the Steam client uses, and when.
On startup:
- repo.steampowered.com
- client-download.steampowered.com
- media.steampowered.com (Randomly Selected)
- media2.steampowered.com (Randomly Selected)
- media3.steampowered.com (Randomly Selected)
- media4.steampowered.com (Randomly Selected)
- api.steampowered.com
- clientconfig.akamai.steamstatic.com
- steamcommunity-a.akamaihd.net
- store.steampowered.com
- cdn.akamai.steamstatic.com
- steamcommunity.com
- br01.broadcast.fra.steamstatic.com (Randomly Selected)
- br01.broadcast.lax.steamstatic.com (Randomly Selected)
- br01.broadcast.lon.steamstatic.com (Randomly Selected)
- br01.broadcast.ord.steamstatic.com (Randomly Selected)
- br01.broadcast.sto.steamstatic.com (Randomly Selected)
- br02.broadcast.fra.steamstatic.com (Randomly Selected)
- br02.broadcast.lax.steamstatic.com (Randomly Selected)
- br02.broadcast.lon.steamstatic.com (Randomly Selected)
- br02.broadcast.ord.steamstatic.com (Randomly Selected)
- br02.broadcast.sto.steamstatic.com (Randomly Selected)
- br03.broadcast.fra.steamstatic.com (Randomly Selected)
- br03.broadcast.lax.steamstatic.com (Randomly Selected)
- br03.broadcast.lon.steamstatic.com (Randomly Selected)
- br03.broadcast.ord.steamstatic.com (Randomly Selected)
- br03.broadcast.sto.steamstatic.com (Randomly Selected)
- br04.broadcast.fra.steamstatic.com (Randomly Selected)
- br04.broadcast.lax.steamstatic.com (Randomly Selected)
- br04.broadcast.lon.steamstatic.com (Randomly Selected)
- br04.broadcast.ord.steamstatic.com (Randomly Selected)
- br04.broadcast.sto.steamstatic.com (Randomly Selected)
Entering the Store:
- store.steampowered.com
- store.akamai.steamstatic.com
Exploring your Queue:
- store.steampowered.com
- cdn.akamai.steamstatic.com
PayPal Payments:
- store.steampowered.com
- ocsp.digicert.com
- crl4.digicert.com
- www.paypal.com
- s2.symcb.com
- s1.symcb.com
- www.paypalobjects.com
- paypal.d1.sc.omtrdc.net
- t.paypal.com
Steam Cloud
The steam cloud stores a copy of local saved games, allowing you to use them on another system running the steam client. Here is a list of which hostnames belong to which game:
Deponia: The Complete Journey
- cgpromotion.azurewebsites.net
- cgpromotion.blob.core.windows.net
Deponia Doomsday
- cgpromotion.azurewebsites.net
- cgpromotion.blob.core.windows.net
Dreamfall Chapters
- dreamfallchapters.azurewebsites.net
- steamcloud-dub.s3.amazonaws.com
IP Reference
This section documents which IP addresses belong to which CDN node and Steam hostname.
cdn.akamai.steamstatic.com:
cdn.store.steampowered.com:
clientconfig.akamai.steamstatic.com:
images.akamai.steamusercontent.com:
media.steampowered.com:
media4.steampowered.com:
repo.steampowered.com:
store.akamai.steamstatic.com:
- a1507.d.akamai.net
- 23.63.98.26 (Primary)
- 23.63.98.32 (Primary)
- 23.63.98.10
- 23.63.98.17
- 23.63.98.18
- 23.63.98.19
- 23.63.98.27
- 23.63.98.33
- 23.63.98.41
- 23.63.98.43
- 23.63.99.58
- 23.63.99.90
- 104.86.110.249
- 104.86.111.137
steamcommunity-a.akamaihd.net:
- a1697.g.akamai.net
- 23.63.99.219 (Primary)
- 23.67.255.202 (Primary)
- 104.86.110.24
- 104.86.110.75
steamstore-a.akamaihd.net:
- a1737.g.akamai.net
- 23.63.99.208 (Primary)
- 23.63.99.240 (Primary)
- 104.86.110.24
- 104.86.110.81
steamcdn-a.akamaihd.net:
- a1843.g.akamai.net
- 23.67.255.200 (Primary)
- 23.67.255.208 (Primary)
- 104.86.110.27
- 104.86.110.35