Block Steam Downloads

Sliffer21

Hello,

I was wondering if someone could help me block steam downloads for one of our interfaces. I still want to allow game play just not downloading on one of our LAN interfaces. I have attempted to block ports 27014-27050 but that doesn't seem to work. Any suggestions?

KOM

Post a screenshot of your rule. Maybe there was a problem with the rule.

Sliffer21

Sure thing, here is it attached

Sliffer21

Here are the full details

KOM

Where is your rule placed in relation to the others? Rules are processed top-down, so if you put that rule after the Allow All rule then it won't trigger.

I would activate the rule, clear the states (Diagnostics - States - Reset States), and then run a packet capture (Diagnostics - Packet Capture) while doing a Steam download test to see what traffic is actually passing through.

Sliffer21

I have it at the top of the list, and sure I will do that here in about 3 hours when I get back.

Sliffer21

Hey looks like that did the trick just fine now. Thanks for the help!

Sliffer21

Firewall > Rules > LAN

Add new rule

Action: Block
Interface: LAN
TCP/IP Version: IPv4 (In my case)
Protocol: TCP/UDP
Source: Any
Destination: Any
Destination Port Range: 27014 to 27050

Now the issue I faced was this blocked steam completely not just the downloads. Also this does not prevent VPNs from being used to bypass the rule.

KOM

Now the issue I faced was this blocked steam completely not just the downloads.

Check the firewall log and see whats being blocked, then modify your rule to accommodate it.

Also this does not prevent VPNs from being used to bypass the rule.

Well, that's pretty much the entire point of VPNs, isn't it?

OzRattler

Thanks!

That seemed to work generally though I have just been watching and checking the States Table to see how despite the rules and limiters the son's PC consumes 99% of the bandwidth. Modification of the Rule to match a targeted Steam IP ~ 103.2.118.3 ~ failed to have an impact. Resetting the States and hoping to see a slump, nothing. [Mind limiter is set to 2Mb IN]

Rule images attached…..names explanatory. That is a targeted one.

Perhaps I am NOT seeing the forest because of the trees and missing something silly?

pfSense:
2.2-RELEASE (i386)
built on Thu Jan 22 14:04:25 CST 2015
FreeBSD 10.1-RELEASE-p4

I realise that this is just ONE IP and have the PORTS selected similarly.

AND does Stream use 443 at all? I will assume from reading other threads that pf cannot stop encrypted traffic.

Time to hit the Submit button!!

Thanks in advance...

![Steam Rule Top.jpg](/public/imported_attachments/1/Steam Rule Top.jpg)
![Steam Rule Top.jpg_thumb](/public/imported_attachments/1/Steam Rule Top.jpg_thumb)
![Steam Rule Low.jpg](/public/imported_attachments/1/Steam Rule Low.jpg)
![Steam Rule Low.jpg_thumb](/public/imported_attachments/1/Steam Rule Low.jpg_thumb)
![Steam Ports.jpg](/public/imported_attachments/1/Steam Ports.jpg)
![Steam Ports.jpg_thumb](/public/imported_attachments/1/Steam Ports.jpg_thumb)

RSTech

Dude, you've got the rule set to "Pass"… this may be your problem.