Steam not being blocked!

Keyz

Hi ..

So setup the normal schedule for a sons pc and all his other devices that are to be restricted from accessing the net gone 9pm..

However steam on the pc can always get a connection regardless of what i do, even thoe the his pc is supposed to be blocked from gaining web access ?

Other than blocking the steam ports on for his pc any other ideas ?

Thanks

kejianshi

I used to use discipline and threats of bodily harm…

Keyz

ill add that on my " Plan B list "  :D

Lol

kejianshi

You can set his computer to be totally blocked on schedules…  Other than that...

kejianshi

https://forum.pfsense.org/index.php?topic=89842.0

Keyz

That link dont cover all the ports that steam uses..  https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711

However ive now blocked all steam ports to his pc.

Hopefully :D

kejianshi

HTTP (TCP port 80) and HTTPS (443)
    UDP 27015 through 27030
    TCP 27015 through 27030

Steam Client

UDP 27000 to 27015 inclusive (Game client traffic)
    UDP 27015 to 27030 inclusive (Typically Matchmaking and HLTV)
    UDP 27031 and 27036 (incoming, for In-Home Streaming)
    TCP 27036 and 27037 (incoming, for In-Home Streaming)
    UDP 4380

Dedicated or Listen Servers

TCP 27015 (SRCDS Rcon port)

Steamworks P2P Networking and Steam Voice Chat

UDP 3478 (Outbound)
    UDP 4379 (Outbound)
    UDP 4380 (Outbound)

Those two at the top should make life interesting…

Keyz

haha yes..

Well thats his pc now blocked from steam also set with his time schedule..

And steam even confirms theres no internet connection.. which is nice :D  ;D ;D

kejianshi

Tomorrow you will find him on the web googling how to spoof a new MAC daily…

Keyz

for god sakes man dont give him ideas  ::) ::)

Thankfully hes not tech savy lol ;D as a new ip could of saved his behind.. but now ive static ip'd him :D

kejianshi

Lets hope he doesn't access the console and revert your rules…

https://doc.pfsense.org/index.php/Locked_out_of_the_WebGUI

Kids are crafty...

LBP

If you ask me, it'd be a good thing if the non-tech savy kid is forced to learn how to spoof a MAC or find another way around your internet ban.

kejianshi

Pfsense can do a really good job of this sort of thing.  However, pfsense does need to be physically secured.  Lets hope the kids don't just go down and keep restoring defaults.

remlei

well you can just make a default rule that any device other than listed on the alias will restrict their internet access after the specified time. It's not really that hard, no mac spoofing can bypass it, but a VPN can easily bypass it but there's no free VPN service out there that offers lag-free gaming so your kid needs to pay for it or you can just blacklist the possible VPN IPs that he uses, until he rans out of option of free VPN. Just dont block port 80, 443 and 53, you dont want your kid interrupted while doing a legitimate school homework overnight.

your kid might try to spoof your whitelisted mac addresses though

if everything fails, isolate his PC on a entire subnet :P