剛好前陣子也有類似的需求,因網路上找不到相關的資訊,於是就寫信問TEAMVIEWER原廠,對方的回覆解決了我問題,給你參考:

Thank you for your message.

Unfortunately, we do not have a fixed IP-Range of our Servers. Our network is very dynamic and constantly growing; therefore, it wouldn't make any sense to deploy a list of our IP-Addresses.

However, there are 2 options to unblock TeamViewer:

1. General unlocking of Port 5938 TCP for outgoing connections. (recommended)

Port 5938 is only used by a few programs and therefore is no security risk. This traffic should then neither be filtered nor cached.

2. Unlocking of URLs of the following formats (to any Server)

GET /din.aspx?s=…&client=DynGate…
GET /dout.aspx?s=…&client=DynGate…
POST /dout.aspx?s=…&client=DynGate…

Independent from the chosen method:
Please also check that no content filter or similar is blocking one of the following URLs:
*.teamviewer.com
*.dyngate.com

If you have any further questions please do not hesitate to contact us.

Teamviwer用的是tcp 5938進線和走tcp 80出去.

因為 TeamViewer 的設計目的是電腦可以上網，就可以被遠端遙控，那被控端就等於必須可以上網。
如果您不希望讓被控端可以上網，那您應該改用像VNC(port 5800)，甚至微軟作業系統內建的遠端桌面(port 3389)，這樣就可以封鎖80port上網了

哈~只允許以上通過 其他拒絕 是個不錯的方法