FireBrick Firewall - Steam Client
This firewall allows both inbound and outbound traffic to reach the Steam client; all other traffic is rejected.
Static DNS
Static DNS entries control which IP addresses the Steam client can use:
<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21">
  <host name="a1507.d.akamai.net" ip="23.63.98.26 23.63.98.32"/>
  <host name="a1697.g.akamai.net" ip="23.63.99.219 23.67.255.202"/>
  <host name="a1737.g.akamai.net" ip="23.63.99.208 23.63.99.240"/>
  <host name="a1843.g.akamai.net" ip="23.67.255.200 23.67.255.208"/>
  <host name="api.steampowered.com" ip="23.195.77.152 23.205.213.78"/>
  <host name="cdn.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
  <host name="cdn.store.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
  <host name="cgpromotion.azurewebsites.net" ip="104.40.183.236"/>
  <host name="cgpromotion.blob.core.windows.net" ip="168.61.57.78"/>
  <host name="clientconfig.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
  <host name="crash.steampowered.com" ip="208.64.203.140 208.64.203.173"/>
  <host name="dreamfallchapters.azurewebsites.net" ip="191.238.8.26"/>
  <host name="images.akamai.steamusercontent.com" ip="23.63.98.26 23.63.98.32"/>
  <host name="media.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
  <host name="media2.steampowered.com" ip="205.185.216.10 205.185.216.42"/>
  <host name="media3.steampowered.com" ip="8.253.70.30 8.253.70.110"/>
  <host name="media4.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
  <host name="repo.steampowered.com" ip="23.63.98.26 23.63.98.32"/>
  <host name="steamcdn-a.akamaihd.net" ip="23.67.255.200 23.67.255.208"/>
  <host name="steamcloud-eu.storage.googleapis.com" ip="216.58.198.208 216.58.198.240"/>
  <host name="steamcloudams.blob.core.windows.net" ip="168.61.58.14"/>
  <host name="steamclouddub.blob.core.windows.net" ip="191.235.193.40"/>
  <host name="steamcommunity-a.akamaihd.net" ip="23.63.99.219 23.67.255.202"/>
  <host name="steamcommunity.com" ip="23.195.77.152 23.205.213.78"/>
  <host name="steamstore-a.akamaihd.net" ip="23.63.99.208 23.63.99.240"/>
  <host name="store.akamai.steamstatic.com" ip="23.63.98.26 23.63.98.32"/>
  <host name="store.steampowered.com" ip="23.195.77.152 23.205.213.78"/>
</dns>
Firewall
Outbound Rules - Change the MAC address in the source-mac= attribute to your own:
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue">
  <rule name="Steam OS: NTP"
        target-port="123"
        protocol="17"
        action="accept"/>
  <rule name="Steam Client: TCP"
        target-port="27014-27050"
        protocol="6"
        action="accept"/>
  <rule name="Steam Client: UDP"
        target-port="3478 4379 4380 27000-27030"
        protocol="17"
        action="accept"/>
  <rule name="CDN: Akamai"
        target-ip="23.32.0.0/11 23.64.0.0/14 23.192.0.0/12 92.122.0.0/15 104.64.0.0/10 173.223.176.0/20"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="CDN: Highwinds"
        target-ip="205.185.216.10 205.185.216.42"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="CDN: Level 3"
        target-ip="8.253.70.30 8.253.70.110"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Steam Cloud: Amazon Web Services"
        target-ip="54.231.130.0/23 54.231.132.0/22 54.231.136.0/22 54.231.140.0/23 54.231.142.0/24"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Steam Cloud: Google Cloud Platform"
        target-ip="216.58.198.208 216.58.198.240"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Steam Cloud: Microsoft Azure"
        target-ip="104.40.183.236 168.61.57.78 168.61.58.14 191.235.193.40 191.238.8.26"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Paypal Payments"
        target-ip="66.235.148.64 66.235.148.128/31"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Valve Software"
        target-ip="103.10.124.0/24 146.66.155.0/24 155.133.245.0/24 155.133.248.0/24 162.254.192.0/21 205.196.6.0/24 208.64.203.0/24"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Deny All"
        source-mac="D8CB8AA2464E"
        action="reject"/>
</rule-set>
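A consistency check for the static DNS block and the outbound rule-set, added here as an example and not part of the original configuration: every pinned address should fall inside the target-ip of some accept rule for the port in use, otherwise the client resolves a name to an address the firewall then rejects. The XML is a shortened excerpt of the page's config, pinned.example / 192.0.2.10 is a constructed entry, and the function names are this example's own.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Excerpt of the page's static DNS block; pinned.example is a constructed entry.
DNS_XML = """<dns>
  <host name="api.steampowered.com" ip="23.195.77.152 23.205.213.78"/>
  <host name="media2.steampowered.com" ip="205.185.216.10 205.185.216.42"/>
  <host name="crash.steampowered.com" ip="208.64.203.140 208.64.203.173"/>
  <host name="pinned.example" ip="192.0.2.10"/>
</dns>"""

# Excerpt of the page's outbound rule-set (target-ip lists shortened).
RULES_XML = """<rule-set name="Steam Client: Outbound" no-match-action="continue">
  <rule name="CDN: Akamai" target-ip="23.32.0.0/11 23.64.0.0/14 23.192.0.0/12"
        target-port="80 443" protocol="6" action="accept"/>
  <rule name="CDN: Highwinds" target-ip="205.185.216.10 205.185.216.42"
        target-port="80 443" protocol="6" action="accept"/>
  <rule name="Valve Software" target-ip="162.254.192.0/21 208.64.203.0/24"
        target-port="80 443" protocol="6" action="accept"/>
  <rule name="Deny All" source-mac="D8CB8AA2464E" action="reject"/>
</rule-set>"""


def accepted_networks(rules_xml, port="443"):
    """Map rule name -> networks, for accept rules that list `port`."""
    nets = {}
    for rule in ET.fromstring(rules_xml).iter("rule"):
        ports = rule.get("target-port", "").split()  # port ranges not expanded
        if rule.get("action") == "accept" and rule.get("target-ip") and port in ports:
            nets[rule.get("name")] = [ipaddress.ip_network(n, strict=False)
                                      for n in rule.get("target-ip").split()]
    return nets


def check_pins(dns_xml, rules_xml, port="443"):
    """Return [(host, ip, rule name or None)] for every pinned address."""
    nets, results = accepted_networks(rules_xml, port), []
    for host in ET.fromstring(dns_xml).iter("host"):
        for ip in host.get("ip").split():
            addr = ipaddress.ip_address(ip)
            rule = next((name for name, ns in nets.items()
                         if any(addr in n for n in ns)), None)
            results.append((host.get("name"), ip, rule))
    return results


if __name__ == "__main__":
    for name, ip, rule in check_pins(DNS_XML, RULES_XML):
        print("ok  " if rule else "MISS", name, ip, rule or "no accept rule")
```

Run it against the full `<dns>` and `<rule-set>` blocks after changing either one; a `MISS` line means a pinned address has no accept rule on that port.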
Inbound Rules - Change the IP address in the target-ip= attribute to your own:
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject">
  <rule name="Allow Firebrick" source-interface="self"/>
  <rule name="Steam Client: TCP" target-ip="217.169.11.114/31" target-port="27014-27050" protocol="6" action="accept"/>
  <rule name="Steam Client: UDP" target-ip="217.169.11.114/31" target-port="3478 4379 4380 27000-27030" protocol="17" action="accept"/>
</rule-set>
Technical Notes
Steam's game delivery system uses 3 different high-performance CDN providers: Akamai, Highwinds and Level 3.
- media.steampowered.com = Akamai
- media2.steampowered.com = Highwinds
- media3.steampowered.com = Level 3
- media4.steampowered.com = Akamai
Origin Server
The origin server is where each CDN will pull files from. The origin server hostnames are:
- cdn-01-origin.steampowered.com
- cdn-01.steampowered.com
Steam Client
On startup:
- repo.steampowered.com
- client-download.steampowered.com
- media.steampowered.com (Randomly Selected)
- media2.steampowered.com (Randomly Selected)
- media3.steampowered.com (Randomly Selected)
- media4.steampowered.com (Randomly Selected)
- api.steampowered.com
- clientconfig.akamai.steamstatic.com
- steamcommunity-a.akamaihd.net
- store.steampowered.com
- cdn.akamai.steamstatic.com
- steamcommunity.com
- br01.broadcast.sto.steamstatic.com (Randomly Selected)
- br02.broadcast.ord.steamstatic.com (Randomly Selected)
- br03.broadcast.lax.steamstatic.com (Randomly Selected)
- br04.broadcast.fra.steamstatic.com (Randomly Selected)
- br04.broadcast.sto.steamstatic.com (Randomly Selected)
Entering the Store:
- store.steampowered.com
- store.akamai.steamstatic.com
Exploring your Queue:
- store.steampowered.com
- cdn.akamai.steamstatic.com
Steam Cloud
Steam Cloud stores a copy of local saved games, allowing you to use them on another system running the Steam client. Here is a list of which hostnames belong to which game:
Deponia: The Complete Journey
- cgpromotion.azurewebsites.net
- cgpromotion.blob.core.windows.net
Deponia Doomsday
- cgpromotion.azurewebsites.net
- cgpromotion.blob.core.windows.net
Dreamfall Chapters
- dreamfallchapters.azurewebsites.net
- steamcloud-dub.s3.amazonaws.com
IP Reference
a1507.d.akamai.net:
- 23.63.98.26 (Primary)
- 23.63.98.32 (Primary)
- 23.63.98.10
- 23.63.98.17
- 23.63.98.18
- 23.63.98.19
- 23.63.98.27
- 23.63.98.33
- 23.63.98.41
- 23.63.98.43
- 23.63.99.58
- 23.63.99.90
- 104.86.110.249
- 104.86.111.137
a1697.g.akamai.net:
- 23.63.99.219 (Primary)
- 23.67.255.202 (Primary)
- 104.86.110.24
- 104.86.110.75
a1737.g.akamai.net:
- 23.63.99.208 (Primary)
- 23.63.99.240 (Primary)
- 104.86.110.24
- 104.86.110.81
a1843.g.akamai.net:
- 23.67.255.200 (Primary)
- 23.67.255.208 (Primary)
- 104.86.110.27
- 104.86.110.35