Battlefield 3 Floating Rules Order

a-a-ron

What is needed to determine the rules order? I see that the Battlefield 2 rules, and they work fine. My problem is that Battlefield 3 does not use the same ports.

These are the PC ports from ea:
TCP: 80, 443, 9988, 20000-20100, 22990, 17502, 42127
UDP: 3659, 14000-14016, 22990-23006, 25200-25300

If anyone can give any pointers I would really appreciate it!!

clarknova

Floating rules are parsed in order, with the last match taking precedence. If you don't want the firewall to keep parsing after a rule matches a packet then you need to hit the "quick" box for that rule.

Is that what you were asking?

a-a-ron

Kind of. I know what ports are being used, I've been tracking them with wireshark. The problem I'm having is that no matter the order I put the rules they aren't being used. I clear the firewall states and wait a few minutes after every change.

Port 25200 UDP seems to be the main data stream from Battlefield 3 to the game server when playing a game. No matter what order (top of list, bottom of list, or quick) qGames is never used. When watching the queue's it uses qDefault.

This is the order I have my Battlefield 3 rules in, they are the top of the list.

Battlefield 3
UDP	*	*	*	3659		*	qGames		m_Game BF3-3659 outbound
TCP	*	*	*	9988		*	qACK/qGames	m_Game BF3-9988 outbound
TCP	*	*	*	10000 - 10100	*	qACK/qGames	m_Game BF3-10000-10100-TCP outbound
UDP	*	*	*	14000 - 14016	*	qGames		m_Game BF3-14000-14016 outbound
TCP	*	*	*	17502		*	qACK/qGames	m_Game BF3-17502 outbound
UDP	*	*	*	22990 - 23006	*	qGames		m_Game BF3-22990-23006-UDP outbound
TCP	*	*	*	22990		*	qACK/qGames	m_Game BF3-22990-TCP outbound
UDP	*	*	*	25200 - 25300	*	qGames		m_Game BF3-25200-25300 outbound
TCP	*	*	*	42127		*	qACK/qGames	m_Game BF3-42127 outbound

MaxPF

Got the same problem with BF3 traffic. Was anybody able to figure it out?

kathampy

I found it too much of hassle to define outbound rules for games. Only inbound ports are properly documented. You might as well make a pass-all exception for your IP address/MAC address since if you're playing games on the workstation, it's already been "compromised" with stuff running with administrative access.

a-a-ron

@KurianOfBorg:

I found it too much of hassle to define outbound rules for games. Only inbound ports are properly documented. You might as well make a pass-all exception for your IP address/MAC address since if you're playing games on the workstation, it's already been "compromised" with stuff running with administrative access.

You really only need to have one port opened by Origin to allow full connectivity for BF3. You shouldn't need to physically open all the ports they require. The ports I have listed above do seem to work for outgoing. I have allowed 3 additional port ranges for "incoming" now so all BF3 QoS traffic is prioritized (to my best guess). Remember this is QoS, not actually physically opening ports.
EA uPnp Port:
3659 keep state udp xxx.xx.x.xx EA Tunnel

Additional Incoming Ports:
UDP * 25200 - 25300 * * * qGames
TCP * 42127 * * * qACK/qGames
TCP * 9988 * * * qACK/qGames