FireBrick Firewall - Steam Client: Difference between revisions

← Older edit

Content deleted Content added

Inline

@@ Line 1: / Line 1: @@
-This firewall allows both inbound and outbound traffic to reach the steam client, all other traffic is rejected.
+This firewall allows both inbound and outbound traffic to reach the steam client, all other traffic is rejected. It is written for gaming systems that will only be using the steam client.
 =Static DNS=
@@ Line 7: / Line 7: @@
 <syntaxhighlight lang=xml>
 <dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21">
-<host name="a1507.d.akamai.net" ip="23.63.98.26 23.63.98.32"/>
+<host name="api.steampowered.com" ip="23.205.213.78"/>
-<host name="a1697.g.akamai.net" ip="23.63.99.219 23.67.255.202"/>
-<host name="a1737.g.akamai.net" ip="23.63.99.208 23.63.99.240"/>
-<host name="a1843.g.akamai.net" ip="23.67.255.200 23.67.255.208"/>
-<host name="api.steampowered.com" ip="23.195.77.152 23.205.213.78"/>
 <host name="cdn.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
 <host name="cdn.store.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
@@ Line 18: / Line 14: @@
 <host name="clientconfig.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
 <host name="crash.steampowered.com" ip="208.64.203.140 208.64.203.173"/>
+<host name="crl4.digicert.com" ip="66.225.197.197"/>
 <host name="dreamfallchapters.azurewebsites.net" ip="191.238.8.26"/>
 <host name="images.akamai.steamusercontent.com" ip="23.63.98.26 23.63.98.32"/>
@@ Line 24: / Line 21: @@
 <host name="media3.steampowered.com" ip="8.253.70.30 8.253.70.110"/>
 <host name="media4.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
+<host name="ocsp.digicert.com" ip="93.184.220.29"/>
+<host name="paypal.d1.sc.omtrdc.net" ip="66.235.148.64"/>
 <host name="repo.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
+<host name="s1.symcb.com" ip="2.22.133.163"/>
+<host name="s2.symcb.com" ip="2.22.139.27"/>
 <host name="steamcdn-a.akamaihd.net" ip="23.67.255.200 23.67.255.208"/>
 <host name="steamcloud-eu.storage.googleapis.com" ip="216.58.198.208 216.58.198.240"/>
@@ Line 30: / Line 31: @@
 <host name="steamclouddub.blob.core.windows.net" ip="191.235.193.40"/>
 <host name="steamcommunity-a.akamaihd.net" ip="23.63.99.219 23.67.255.202"/>
-<host name="steamcommunity.com" ip="23.195.77.152 23.205.213.78"/>
+<host name="steamcommunity.com" ip="23.63.99.219 23.67.255.202"/>
 <host name="steamstore-a.akamaihd.net" ip="23.63.99.208 23.63.99.240"/>
 <host name="store.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
-<host name="store.steampowered.com" ip="23.195.77.152 23.205.213.78"/>
+<host name="store.steampowered.com" ip="23.205.213.78"/>
+<host name="t.paypal.com" ip="173.223.190.173"/>
+<host name="www.paypal.com" ip="173.223.190.173"/>
+<host name="www.paypalobjects.com" ip="23.65.43.145"/>
 </dns>
 </syntaxhighlight>
@@ Line 85: / Line 89: @@
         protocol="6"
         action="accept"/>
-  <rule name="Paypal Payments"
+  <rule name="PayPal Payments"
-        target-ip="66.235.148.64 66.235.148.128/31"
+        target-ip="2.22.133.163 2.22.139.27 23.65.43.145 66.225.197.197 66.235.148.64 93.184.220.29 173.223.190.173"
         target-port="80 443"
         protocol="6"
         action="accept"/>
   <rule name="Valve Software"
-        target-ip="103.10.124.0/24 146.66.155.0/24 155.133.245.0/24 155.133.248.0/24 162.254.192.0/21 205.196.6.0/24 208.64.203.0/24"
+        target-ip="103.10.124.0/23 146.66.155.0/24 155.133.224.0/19 162.254.192.0/21 205.196.6.0/24 208.64.200.0/22"
         target-port="80 443"
         protocol="6"
@@ Line 127: / Line 131: @@
 ==Steam Client==
+This documents what hostnames the steam client uses and when.
 On startup:
@@ Line 141: / Line 147: @@
 *cdn.akamai.steamstatic.com
 *steamcommunity.com
+*br01.broadcast.fra.steamstatic.com (Randomly Selected)
+*br01.broadcast.lax.steamstatic.com (Randomly Selected)
+*br01.broadcast.lon.steamstatic.com (Randomly Selected)
+*br01.broadcast.ord.steamstatic.com (Randomly Selected)
 *br01.broadcast.sto.steamstatic.com (Randomly Selected)
+*br02.broadcast.fra.steamstatic.com (Randomly Selected)
+*br02.broadcast.lax.steamstatic.com (Randomly Selected)
+*br02.broadcast.lon.steamstatic.com (Randomly Selected)
 *br02.broadcast.ord.steamstatic.com (Randomly Selected)
+*br02.broadcast.sto.steamstatic.com (Randomly Selected)
+*br03.broadcast.fra.steamstatic.com (Randomly Selected)
 *br03.broadcast.lax.steamstatic.com (Randomly Selected)
+*br03.broadcast.lon.steamstatic.com (Randomly Selected)
+*br03.broadcast.ord.steamstatic.com (Randomly Selected)
+*br03.broadcast.sto.steamstatic.com (Randomly Selected)
 *br04.broadcast.fra.steamstatic.com (Randomly Selected)
+*br04.broadcast.lax.steamstatic.com (Randomly Selected)
+*br04.broadcast.lon.steamstatic.com (Randomly Selected)
+*br04.broadcast.ord.steamstatic.com (Randomly Selected)
 *br04.broadcast.sto.steamstatic.com (Randomly Selected)
@@ Line 155: / Line 176: @@
 *cdn.akamai.steamstatic.com
-Paypal Payments:
+PayPal Payments:
 *store.steampowered.com
 *ocsp.digicert.com
@@ Line 184: / Line 205: @@
 ==IP Reference==
+This documents what range of IP's belong to which CDN node and steam hostname.
-a1507.d.akamai.net:
+cdn.akamai.steamstatic.com:<br>
+cdn.store.steampowered.com:<br>
+clientconfig.akamai.steamstatic.com:<br>
+images.akamai.steamusercontent.com:<br>
+media.steampowered.com:<br>
+media4.steampowered.com:<br>
+repo.steampowered.com:<br>
+store.akamai.steamstatic.com:
+*a1507.d.akamai.net
 *23.63.98.26 (Primary)
 *23.63.98.32 (Primary)
@@ Line 200: / Line 231: @@
 *104.86.111.137
+steamcommunity-a.akamaihd.net:
-a1697.g.akamai.net:
+*a1697.g.akamai.net
 *23.63.99.219 (Primary)
 *23.67.255.202 (Primary)
@@ Line 206: / Line 238: @@
 *104.86.110.75
-a1737.g.akamai.net:
+steamstore-a.akamaihd.net:
+*a1737.g.akamai.net
 *23.63.99.208 (Primary)
 *23.63.99.240 (Primary)
@@ Line 212: / Line 245: @@
 *104.86.110.81
-a1843.g.akamai.net:
+steamcdn-a.akamaihd.net:
+*a1843.g.akamai.net
 *23.67.255.200 (Primary)
 *23.67.255.208 (Primary)