FireBrick 2700 Configuration: Difference between revisions

Line 285:

Here are some pre-written firewall rules:

==Steam Client==

*[[FireBrick Firewall - Steam Client]]

This rule set restricts both inbound and outbound traffic to the Steam Client. Useful for a Windows Gaming PC or Mac Gaming System.

These static DNS entries help keep the IP addresses matched to the ones in the firewall rule set:

<host name="a1507.d.akamai.net"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="a1697.g.akamai.net"

ip="23.63.99.219 23.67.255.202"/>

<host name="a1737.g.akamai.net"

ip="23.63.99.208 23.63.99.240"/>

<host name="a1843.g.akamai.net"

ip="23.67.255.200 23.67.255.208"/>

<host name="api.steampowered.com"

ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>

<host name="cdn.akamai.steamstatic.com"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="cdn.store.steampowered.com"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="cgpromotion.azurewebsites.net"

ip="104.40.183.236"/>

<host name="clientconfig.akamai.steamstatic.com"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="images.akamai.steamusercontent.com"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="media.steampowered.com"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="media2.steampowered.com"

ip="205.185.216.10 205.185.216.42"/>

<host name="media3.steampowered.com"

ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.94 8.254.191.238"/>

<host name="media4.steampowered.com"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="repo.steampowered.com"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="steamcdn-a.akamaihd.net"

ip="23.67.255.200 23.67.255.208"/>

<host name="steamcloud-eu.storage.googleapis.com"

ip="216.58.213.112"/>

<host name="steamcloudams.blob.core.windows.net"

ip="168.61.58.14"/>

<host name="steamclouddub.blob.core.windows.net"

ip="191.235.193.40"/>

<host name="steamcommunity-a.akamaihd.net"

ip="23.63.99.219 23.67.255.202"/>

<host name="steamcommunity.com"

ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>

<host name="steamstore-a.akamaihd.net"

ip="23.63.99.208 23.63.99.240"/>

<host name="store.akamai.steamstatic.com"

ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>

<host name="store.steampowered.com"

ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>

</dns>

</syntaxhighlight>

Outbound Rules - Change the MAC address in the source-mac= element to your own:

<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue">

<rule name="NTP"

target-port="123"

protocol="17"

action="accept"/>

<rule name="TCP"

target-port="27014-27050"

protocol="6"

action="accept"/>

<rule name="UDP"

target-port="3478 4379 4380 27000-27030"

protocol="17"

action="accept"/>

<rule name="Akamai CDN"

target-ip="23.63.98.0/23 23.67.255.0/24 23.195.64.0/20 23.205.212.0/22 92.122.218.0/23 104.71.176.0/20 104.86.110.0/23 173.223.176.0/20"

target-port="80 443"

protocol="6"

action="accept"/>

<rule name="Google Cloud"

target-ip="216.58.213.112"

target-port="80 443"

protocol="6"

action="accept"/>

<rule name="Highwinds CDN"

target-ip="205.185.216.10 205.185.216.42"

target-port="80 443"

protocol="6"

action="accept"/>

<rule name="Level3 CDN"

target-ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.94 8.254.191.238 212.73.205.178"

target-port="80 443"

protocol="6"

action="accept"/>

<rule name="Microsoft Cloud"

target-ip="104.40.183.236 168.61.57.78 168.61.58.14 191.235.193.40"

target-port="80 443"

protocol="6"

action="accept"/>

<rule name="Paypal Payments"

target-ip="66.235.148.64 66.235.148.128/31"

target-port="80 443"

protocol="6"

action="accept"/>

<rule name="Telia Network"

target-ip="62.115.11.250 80.239.194.146"

target-port="80 443"

protocol="6"

action="accept"/>

<rule name="Valve Software"

target-ip="103.10.124.0/24 146.66.155.0/24 155.133.245.0/24 155.133.248.0/24 162.254.192.0/22 162.254.196.0/23 162.254.198.0/32 205.196.6.0/24"

target-port="80 443"

protocol="6"

action="accept"/>

<rule name="Deny All"

source-mac="408D5C57F303 D8CB8AA2464E"

action="reject"/>

</rule-set>

</syntaxhighlight>

Inbound Rules:

<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject">

</rule-set>

</syntaxhighlight>

[[Category:FireBrick|Configuration]]