Network and Port Rules

Use the following syntax to configure Nessus network scanning rules:

accept|reject address/netmask:ports

The address/netmask is in CIDR notation.

For example, the following rule prevents you from scanning any IP address in the /24 (standard class C) network:

reject 10.42.123.0/24

Similarly, the following rule allows you to scan any IP address in the /8 (standard class A) network:

accept 10.1.1.0/8

You can also specify a port or a port range to allow or deny. For example, to forbid connecting to port 80 for 10.0.0.1, enter the following rule:

reject 10.0.0.1:80

Similarly, to allow connecting to ports 8000-10000 for any host in the 192.168.0.0/24 subnet, enter the following rule:

accept 192.168.0.0/24:8000-10000
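
To check a rule set before a scan, the sketch below parses lines in the syntax above and reports which rule applies to a given host and port. It is an added example, not Tenable code: the names Rule, parse_rule, decide and PAGE_RULES are hypothetical, it handles IPv4 only, and it assumes that the first matching rule wins and that an unmatched target is left undecided (None).

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                      # "accept" or "reject"
    network: ipaddress.IPv4Network
    ports: Optional[range]           # None means every port

def parse_rule(line: str) -> Rule:
    """Parse one 'accept|reject address/netmask:ports' line (IPv4 only)."""
    action, _, target = line.strip().partition(" ")
    if action not in ("accept", "reject") or not target.strip():
        raise ValueError(f"not a scanning rule: {line!r}")
    addr, _, port_spec = target.strip().partition(":")
    # strict=False masks host bits, so 10.1.1.0/8 is read as 10.0.0.0/8;
    # an address with no netmask is treated as a single host (/32).
    network = ipaddress.IPv4Network(addr, strict=False)
    ports = None
    if port_spec:
        low, _, high = port_spec.partition("-")
        low, high = int(low), int(high or low)
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range in {line!r}")
        ports = range(low, high + 1)
    return Rule(action, network, ports)

def decide(rules, host: str, port: int) -> Optional[str]:
    """Return the action of the first rule matching host:port, else None.

    First-match-wins is an assumption of this example, not stated on the page.
    """
    ip = ipaddress.IPv4Address(host)
    for rule in rules:
        if ip in rule.network and (rule.ports is None or port in rule.ports):
            return rule.action
    return None

# The four example rules from this page, in the order they appear.
PAGE_RULES = [parse_rule(r) for r in (
    "reject 10.42.123.0/24",
    "accept 10.1.1.0/8",
    "reject 10.0.0.1:80",
    "accept 192.168.0.0/24:8000-10000",
)]
```

Under the first-match assumption, decide(PAGE_RULES, "10.0.0.1", 80) returns "accept" because the broader /8 rule precedes the port 80 reject, so rule order is worth reviewing when auditing a rules file.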