This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Firewall - Steam Client: Difference between revisions

Content deleted Content added
CrazyTeeka (talk | contribs)
No edit summary
CrazyTeeka (talk | contribs)
m PayPal (1)
 
(35 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This firewall allows both inbound and outbound traffic to reach the steam client, all other traffic is rejected.
This firewall allows both inbound and outbound traffic to reach the steam client, all other traffic is rejected. It is written for gaming systems that will only be using the steam client.



=Static DNS=
=Static DNS=
Line 6: Line 5:
Static DNS manages control over which IP's the steam client can use:
Static DNS manages control over which IP's the steam client can use:


<syntaxhighlight>
<syntaxhighlight lang=xml>
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21">
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21">
<host name="a1507.d.akamai.net"
<host name="api.steampowered.com" ip="23.205.213.78"/>
<host name="cdn.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="a1697.g.akamai.net"
<host name="cdn.store.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
<host name="cgpromotion.azurewebsites.net" ip="104.40.183.236"/>
ip="23.63.99.219 23.67.255.202 104.86.110.24 104.86.110.75"/>
<host name="a1737.g.akamai.net"
<host name="cgpromotion.blob.core.windows.net" ip="168.61.57.78"/>
ip="23.63.99.208 23.63.99.240 104.86.110.24 104.86.110.81"/>
<host name="clientconfig.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
<host name="a1843.g.akamai.net"
<host name="crash.steampowered.com" ip="208.64.203.140 208.64.203.173"/>
<host name="crl4.digicert.com" ip="66.225.197.197"/>
ip="23.67.255.200 23.67.255.208 104.86.110.27 104.86.110.35"/>
<host name="dreamfallchapters.azurewebsites.net" ip="191.238.8.26"/>
<host name="api.steampowered.com"
<host name="images.akamai.steamusercontent.com" ip="23.63.98.26 23.63.98.32"/>
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
<host name="cdn.akamai.steamstatic.com"
<host name="media.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
<host name="media2.steampowered.com" ip="205.185.216.10 205.185.216.42"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="cdn.store.steampowered.com"
<host name="media3.steampowered.com" ip="8.253.70.30 8.253.70.110"/>
<host name="media4.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="cgpromotion.azurewebsites.net"
<host name="ocsp.digicert.com" ip="93.184.220.29"/>
ip="104.40.183.236"/>
<host name="paypal.d1.sc.omtrdc.net" ip="66.235.148.64"/>
<host name="cgpromotion.blob.core.windows.net"
<host name="repo.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
ip="168.61.57.78"/>
<host name="s1.symcb.com" ip="2.22.133.163"/>
<host name="clientconfig.akamai.steamstatic.com"
<host name="s2.symcb.com" ip="2.22.139.27"/>
<host name="steamcdn-a.akamaihd.net" ip="23.67.255.200 23.67.255.208"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="crash.steampowered.com"
<host name="steamcloud-eu.storage.googleapis.com" ip="216.58.198.208 216.58.198.240"/>
<host name="steamcloudams.blob.core.windows.net" ip="168.61.58.14"/>
ip="208.64.203.140 208.64.203.173"/>
<host name="dreamfallchapters.azurewebsites.net"
<host name="steamclouddub.blob.core.windows.net" ip="191.235.193.40"/>
<host name="steamcommunity-a.akamaihd.net" ip="23.63.99.219 23.67.255.202"/>
ip="191.238.8.26"/>
<host name="steamcommunity.com" ip="23.63.99.219 23.67.255.202"/>
<host name="images.akamai.steamusercontent.com"
<host name="steamstore-a.akamaihd.net" ip="23.63.99.208 23.63.99.240"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="media.steampowered.com"
<host name="store.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
<host name="store.steampowered.com" ip="23.205.213.78"/>
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="media2.steampowered.com"
<host name="t.paypal.com" ip="173.223.190.173"/>
ip="205.185.216.10 205.185.216.42"/>
<host name="www.paypal.com" ip="173.223.190.173"/>
<host name="media3.steampowered.com"
<host name="www.paypalobjects.com" ip="23.65.43.145"/>
ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.46 8.254.191.94 8.254.191.238"/>
<host name="media4.steampowered.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="repo.steampowered.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="steamcdn-a.akamaihd.net"
ip="23.67.255.200 23.67.255.208 104.86.110.27 104.86.110.35"/>
<host name="steamcloud-eu.storage.googleapis.com"
ip="216.58.198.208 216.58.198.240 216.58.213.112"/>
<host name="steamcloudams.blob.core.windows.net"
ip="168.61.58.14"/>
<host name="steamclouddub.blob.core.windows.net"
ip="191.235.193.40"/>
<host name="steamcommunity-a.akamaihd.net"
ip="23.63.99.219 23.67.255.202 104.86.110.24 104.86.110.75"/>
<host name="steamcommunity.com"
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
<host name="steamstore-a.akamaihd.net"
ip="23.63.99.208 23.63.99.240 104.86.110.24 104.86.110.81"/>
<host name="store.akamai.steamstatic.com"
ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
<host name="store.steampowered.com"
ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
</dns>
</dns>
</syntaxhighlight>
</syntaxhighlight>



=Firewall=
=Firewall=
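Review bot: In the revised <dns> block, ocsp.digicert.com and crl4.digicert.com are each pinned to a single address (93.184.220.29 and 66.225.197.197), as are s1.symcb.com and s2.symcb.com. The firewall only admits the pinned addresses, so if any of them moves the client stops reaching that host and nothing in this config will flag it. Consider a comment in the block recording when each address was last verified, and keeping more than one address per host where more than one is known. The same brittleness applies to the CDN names, which this revision cuts down to the two addresses marked (Primary) in the IP Reference section.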
Line 70: Line 45:
Outbound Rules - Change the MAC address in the source-mac= element to your own:
Outbound Rules - Change the MAC address in the source-mac= element to your own:


<syntaxhighlight>
<syntaxhighlight lang=xml>
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue">
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue">
<rule name="Steam OS: NTP"
<rule name="Steam OS: NTP"
Line 85: Line 60:
action="accept"/>
action="accept"/>
<rule name="CDN: Akamai"
<rule name="CDN: Akamai"
target-ip="23.63.98.0/23 23.67.255.0/24 23.195.64.0/20 23.205.212.0/22 92.122.218.0/23 104.71.176.0/20 104.86.110.0/23 173.223.176.0/20"
target-ip="23.32.0.0/11 23.64.0.0/14 23.192.0.0/12 92.122.0.0/15 104.64.0.0/10 173.223.176.0/20"
target-port="80 443"
target-port="80 443"
protocol="6"
protocol="6"
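Review bot: The new target-ip on "CDN: Akamai" widens the allowlist well beyond what the static DNS block needs. 104.64.0.0/10 alone is about 4.2 million addresses and 23.32.0.0/11 about 2.1 million, while every address the revised <dns> block pins for the Steam CDN names (23.63.98.x, 23.63.99.x, 23.67.255.x, 23.205.213.78) already fell inside the old 23.63.98.0/23, 23.67.255.0/24 and 23.205.212.0/22 entries. With ports 80 and 443 open to these ranges, the rule admits any host in them, not only Steam, which weakens the "all other traffic is rejected" statement at the top of the page. Suggest keeping the narrower prefixes, or stating in the text why the wider ones are required.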
Line 95: Line 70:
action="accept"/>
action="accept"/>
<rule name="CDN: Level 3"
<rule name="CDN: Level 3"
target-ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.46 8.254.191.94 8.254.191.238 212.73.205.178"
target-ip="8.253.70.30 8.253.70.110"
target-port="80 443"
target-port="80 443"
protocol="6"
protocol="6"
Line 105: Line 80:
action="accept"/>
action="accept"/>
<rule name="Steam Cloud: Google Cloud Platform"
<rule name="Steam Cloud: Google Cloud Platform"
target-ip="216.58.198.208 216.58.198.240 216.58.213.112"
target-ip="216.58.198.208 216.58.198.240"
target-port="80 443"
target-port="80 443"
protocol="6"
protocol="6"
Line 114: Line 89:
protocol="6"
protocol="6"
action="accept"/>
action="accept"/>
<rule name="Paypal Payments"
<rule name="PayPal Payments"
target-ip="66.235.148.64 66.235.148.128/31"
target-ip="2.22.133.163 2.22.139.27 23.65.43.145 66.225.197.197 66.235.148.64 93.184.220.29 173.223.190.173"
target-port="80 443"
target-port="80 443"
protocol="6"
protocol="6"
action="accept"/>
action="accept"/>
<rule name="Valve Software"
<rule name="Valve Software"
target-ip="103.10.124.0/24 146.66.155.0/24 155.133.245.0/24 155.133.248.0/24 162.254.192.0/21 205.196.6.0/24 208.64.203.0/24"
target-ip="103.10.124.0/23 146.66.155.0/24 155.133.224.0/19 162.254.192.0/21 205.196.6.0/24 208.64.200.0/22"
target-port="80 443"
target-port="80 443"
protocol="6"
protocol="6"
action="accept"/>
action="accept"/>
<rule name="Deny All"
<rule name="Deny All"
source-mac="408D5C57F303 D8CB8AA2464E"
source-mac="D8CB8AA2464E"
action="reject"/>
action="reject"/>
</rule-set>
</rule-set>
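Review bot: In the "Deny All" rule, 408D5C57F303 is dropped from source-mac, and because the rule-set is declared with no-match-action="continue", traffic from that machine that matches none of the accept rules is no longer rejected here and carries on to whatever rule-sets follow. If that machine was retired this is fine, otherwise it should stay in the list. Two smaller points in the same hunk: the "PayPal Payments" target-ip now lists 23.65.43.145 and 173.223.190.173, which the revised "CDN: Akamai" rule already covers through 23.64.0.0/14 and 173.223.176.0/20, and the "Valve Software" rule widens 155.133.245.0/24 and 155.133.248.0/24 to 155.133.224.0/19 without a stated reason. Since the text asks readers to substitute their own MAC, an obvious placeholder value would be clearer than a specific address.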
Line 132: Line 107:
Inbound Rules - Change the IP address in the target-ip= element to your own:
Inbound Rules - Change the IP address in the target-ip= element to your own:


<syntaxhighlight>
<syntaxhighlight lang=xml>
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject">
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject">
<rule name="Allow Firebrick" source-interface="self"/>
<rule name="Allow Firebrick" source-interface="self"/>
Line 139: Line 114:
</rule-set>
</rule-set>
</syntaxhighlight>
</syntaxhighlight>



=Technical Notes=
=Technical Notes=
Line 157: Line 131:


==Steam Client==
==Steam Client==

This documents what hostnames the steam client uses and when.


On startup:
On startup:
Line 171: Line 147:
*cdn.akamai.steamstatic.com
*cdn.akamai.steamstatic.com
*steamcommunity.com
*steamcommunity.com
*br01.broadcast.fra.steamstatic.com (Randomly Selected)
*br01.broadcast.lax.steamstatic.com (Randomly Selected)
*br01.broadcast.lon.steamstatic.com (Randomly Selected)
*br01.broadcast.ord.steamstatic.com (Randomly Selected)
*br01.broadcast.sto.steamstatic.com (Randomly Selected)
*br01.broadcast.sto.steamstatic.com (Randomly Selected)
*br02.broadcast.fra.steamstatic.com (Randomly Selected)
*br02.broadcast.lax.steamstatic.com (Randomly Selected)
*br02.broadcast.lon.steamstatic.com (Randomly Selected)
*br02.broadcast.ord.steamstatic.com (Randomly Selected)
*br02.broadcast.sto.steamstatic.com (Randomly Selected)
*br03.broadcast.fra.steamstatic.com (Randomly Selected)
*br03.broadcast.lax.steamstatic.com (Randomly Selected)
*br03.broadcast.lon.steamstatic.com (Randomly Selected)
*br03.broadcast.ord.steamstatic.com (Randomly Selected)
*br03.broadcast.sto.steamstatic.com (Randomly Selected)
*br04.broadcast.fra.steamstatic.com (Randomly Selected)
*br04.broadcast.lax.steamstatic.com (Randomly Selected)
*br04.broadcast.lon.steamstatic.com (Randomly Selected)
*br04.broadcast.ord.steamstatic.com (Randomly Selected)
*br04.broadcast.sto.steamstatic.com (Randomly Selected)
*br04.broadcast.sto.steamstatic.com (Randomly Selected)


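Review bot: The twenty brNN.broadcast.*.steamstatic.com names added to the startup list have no matching <host> entry in the Static DNS block and no address in the visible part of the IP Reference section, so the page does not say whether they are meant to be reachable. Either add their addresses to the <dns> block along with a firewall rule, or note here that the broadcast hosts are deliberately left blocked. The list would also read better as one pattern line (br01 to br04 at fra, lax, lon, ord and sto) with "(Randomly Selected)" stated once.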
Line 181: Line 175:
*store.steampowered.com
*store.steampowered.com
*cdn.akamai.steamstatic.com
*cdn.akamai.steamstatic.com

PayPal Payments:
*store.steampowered.com
*ocsp.digicert.com
*crl4.digicert.com
*www.paypal.com
*s2.symcb.com
*s1.symcb.com
*www.paypalobjects.com
*paypal.d1.sc.omtrdc.net
*t.paypal.com


==Steam Cloud==
==Steam Cloud==
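Review bot: Under "PayPal Payments:", ocsp.digicert.com and crl4.digicert.com are certificate revocation hosts rather than PayPal endpoints, and s1.symcb.com and s2.symcb.com look like the same kind of host. Marking which entries are certificate checks and which are needed for the payment itself would let readers decide what to allow, and would explain why the "PayPal Payments" firewall rule carries non-PayPal addresses.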
Line 200: Line 205:
==IP Reference==
==IP Reference==


This documents what range of IP's belong to which CDN node and steam hostname.
a1507.d.akamai.net:

cdn.akamai.steamstatic.com:<br>
cdn.store.steampowered.com:<br>
clientconfig.akamai.steamstatic.com:<br>
images.akamai.steamusercontent.com:<br>
media.steampowered.com:<br>
media4.steampowered.com:<br>
repo.steampowered.com:<br>
store.akamai.steamstatic.com:
*a1507.d.akamai.net
*23.63.98.26 (Primary)
*23.63.98.32 (Primary)
*23.63.98.10
*23.63.98.10
*23.63.98.17
*23.63.98.17
*23.63.98.18
*23.63.98.18
*23.63.98.19
*23.63.98.19
*23.63.98.26 (Primary)
*23.63.98.27
*23.63.98.27
*23.63.98.32 (Primary)
*23.63.98.33
*23.63.98.33
*23.63.98.41
*23.63.98.41
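Review bot: "(Primary)" now drives the configuration, since the revised <dns> block keeps only the addresses marked that way (23.63.98.26 and 23.63.98.32 for this group), but the new intro sentence does not say what Primary means or how it was determined. Add a line defining it. Minor: "IP's" in the new sentence should be "IPs".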
Line 216: Line 231:
*104.86.111.137
*104.86.111.137


steamcommunity-a.akamaihd.net:
a1697.g.akamai.net:
*a1697.g.akamai.net
*23.63.99.219 (Primary)
*23.63.99.219 (Primary)
*23.67.255.202 (Primary)
*23.67.255.202 (Primary)
*104.86.110.24
*104.86.110.24
*104.86.110.75
*104.86.110.75

steamstore-a.akamaihd.net:
*a1737.g.akamai.net
*23.63.99.208 (Primary)
*23.63.99.240 (Primary)
*104.86.110.24
*104.86.110.81

steamcdn-a.akamaihd.net:
*a1843.g.akamai.net
*23.67.255.200 (Primary)
*23.67.255.208 (Primary)
*104.86.110.27
*104.86.110.35
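Review bot: The regrouped reference lists only steamcommunity-a.akamaihd.net under a1697.g.akamai.net, yet the revised <dns> block also pins steamcommunity.com to 23.63.99.219 and 23.67.255.202, and pins api.steampowered.com and store.steampowered.com to 23.205.213.78, which does not appear in the visible part of this section. Add those hostnames so every static DNS entry can be traced back to a reference entry.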