FireBrick Firewall - Steam Client

Revision as of 12:18, 5 March 2016 by CrazyTeeka (talk | contribs)

These rule sets restrict both inbound and outbound traffic for the Steam client. They are useful for a Windows gaming PC or a Mac gaming system.

These static DNS entries help keep the addresses the Steam client resolves in step with the ones used in the firewall rule set:

<dns resolvers="2001:8b0::2020 2001:8b0::2021 217.169.20.20 217.169.20.21">
   <!-- Static host entries pinning the Steam and CDN names to fixed addresses, so that
        what the client resolves stays inside the target-ip ranges used by the outbound
        rule-set further down. NOTE(review): these addresses are a snapshot (page revision
        dated 5 March 2016); CDN records change over time, so re-check them whenever
        Steam traffic starts being rejected. The entries only affect lookups that go
        through the FireBrick's own resolver; a host pointed at another DNS server is
        not covered by them, which is why the rule-set also filters on target-ip. -->
   <!-- Akamai edge set: the same 14 addresses are reused by several names below. -->
   <host name="a1507.d.akamai.net"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <host name="a1697.g.akamai.net"
         ip="23.63.99.219 23.67.255.202"/>
   <host name="a1737.g.akamai.net"
         ip="23.63.99.208 23.63.99.240"/>
   <host name="a1843.g.akamai.net"
         ip="23.67.255.200 23.67.255.208"/>
   <host name="api.steampowered.com"
         ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
   <host name="cdn.akamai.steamstatic.com"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <host name="cdn.store.steampowered.com"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <!-- Microsoft-hosted names; their addresses appear in the "Microsoft Cloud" outbound rule. -->
   <host name="cgpromotion.azurewebsites.net"
         ip="104.40.183.236"/>
   <host name="cgpromotion.blob.core.windows.net"
         ip="168.61.57.78"/>
   <host name="clientconfig.akamai.steamstatic.com"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <host name="images.akamai.steamusercontent.com"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <host name="media.steampowered.com"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <!-- media2 maps to the "Highwinds CDN" rule, media3 to the "Level3 CDN" rule. -->
   <host name="media2.steampowered.com"
         ip="205.185.216.10 205.185.216.42"/>
   <host name="media3.steampowered.com"
         ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.94 8.254.191.238"/>
   <host name="media4.steampowered.com"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <host name="repo.steampowered.com"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <host name="steamcdn-a.akamaihd.net"
         ip="23.67.255.200 23.67.255.208"/>
   <!-- Steam Cloud storage: Google (see "Google Cloud" rule) and Azure blob (see "Microsoft Cloud" rule). -->
   <host name="steamcloud-eu.storage.googleapis.com"
         ip="216.58.213.112"/>
   <host name="steamcloudams.blob.core.windows.net"
         ip="168.61.58.14"/>
   <host name="steamclouddub.blob.core.windows.net"
         ip="191.235.193.40"/>
   <host name="steamcommunity-a.akamaihd.net"
         ip="23.63.99.219 23.67.255.202"/>
   <host name="steamcommunity.com"
         ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
   <host name="steamstore-a.akamaihd.net"
         ip="23.63.99.208 23.63.99.240"/>
   <host name="store.akamai.steamstatic.com"
         ip="23.63.98.10 23.63.98.17 23.63.98.18 23.63.98.19 23.63.98.26 23.63.98.27 23.63.98.32 23.63.98.33 23.63.98.41 23.63.98.43 23.63.99.58 23.63.99.90 104.86.110.249 104.86.111.137"/>
   <host name="store.steampowered.com"
         ip="23.195.77.152 23.205.213.78 92.122.219.245 104.71.179.142 173.223.184.147"/>
</dns>

Outbound rules - change the MAC address(es) in the source-mac attribute of the final rule to your own:

<!-- Outbound policy for the Steam client, LAN to pppoe.
     NOTE(review): the accept rules carry no source-mac, so they match traffic from every
     LAN host; only the final "Deny All" rule is limited to the listed MAC(s). Hosts whose
     traffic matches nothing here fall through via no-match-action="continue" to whatever
     rule-set follows. A source-mac match is a convenience for picking out one machine,
     not a hard boundary, since a MAC address is chosen by the host itself. -->
<rule-set name="Steam Client: Outbound" source-interface="LAN" target-interface="pppoe" no-match-action="continue">
  <!-- The next three rules match on port only: any destination address is accepted. -->
  <rule name="NTP"
        target-port="123"
        protocol="17"
        action="accept"/>
  <rule name="TCP"
        target-port="27014-27050"
        protocol="6"
        action="accept"/>
  <rule name="UDP"
        target-port="3478 4379 4380 27000-27030"
        protocol="17"
        action="accept"/>
  <!-- HTTP/HTTPS to the CDN and cloud ranges the static DNS entries above resolve into.
       These prefixes are a point-in-time snapshot and need revisiting when the DNS entries are. -->
  <rule name="Akamai CDN"
        target-ip="23.63.98.0/23 23.67.255.0/24 23.195.64.0/20 23.205.212.0/22 92.122.218.0/23 104.71.176.0/20 104.86.110.0/23 173.223.176.0/20"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Google Cloud"
        target-ip="216.58.213.112"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Highwinds CDN"
        target-ip="205.185.216.10 205.185.216.42"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Level3 CDN"
        target-ip="8.253.70.30 8.253.70.110 8.253.70.142 8.254.191.94 8.254.191.238 212.73.205.178"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Microsoft Cloud"
        target-ip="104.40.183.236 168.61.57.78 168.61.58.14 191.235.193.40"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Paypal Payments"
        target-ip="66.235.148.64 66.235.148.128/31"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <rule name="Telia Network"
        target-ip="62.115.11.250 80.239.194.146"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <!-- NOTE(review): 162.254.198.0/32 is a single host (the .0 address); check whether a
       wider prefix was intended, as the neighbouring entries are /22 and /23 networks. -->
  <rule name="Valve Software"
        target-ip="103.10.124.0/24 146.66.155.0/24 155.133.245.0/24 155.133.248.0/24 162.254.192.0/22 162.254.196.0/23 162.254.198.0/32 205.196.6.0/24"
        target-port="80 443"
        protocol="6"
        action="accept"/>
  <!-- Replace the MAC(s) with the gaming machine's own. Anything from those MACs not
       accepted by an earlier rule is rejected here; other hosts are not matched by this rule. -->
  <rule name="Deny All"
        source-mac="408D5C57F303 D8CB8AA2464E"
        action="reject"/>
</rule-set>

Inbound Rules:

<!-- Inbound policy: traffic arriving for the LAN that no rule accepts is rejected. -->
<rule-set name="Steam Client: Inbound" target-interface="LAN" no-match-action="reject">
  <!-- Traffic originating from the FireBrick itself. No action is given, so the rule's
       default action applies (presumably continue, exempting it from the reject below;
       confirm against the FireBrick manual). -->
  <rule name="Allow Firebrick"
        source-interface="self"/>
  <!-- NOTE(review): neither rule restricts source-ip or target-ip, so these ports are
       reachable on every LAN host from any source. -->
  <rule name="TCP"
        target-port="27014-27050"
        protocol="6"
        action="accept"/>
  <rule name="UDP"
        target-port="3478 4379 4380 27000-27030"
        protocol="17"
        action="accept"/>
</rule-set>