TOC & Recently Viewed

Recently Viewed Topics

Network and Port Rules

To configure Nessus network scanning rules, the syntax is the following:

accept|reject address/netmask:ports

The address/netmask is in CIDR notation. For example, this will not let a user scan any IP address in the /24 (standard class C) network:


For example, this will let a user scan any IP address in the /8 (standard class A) network:


Additionally, you can define ports or a port range to be allowed or denied certain ports. For example, to forbid connecting to port 80 for


For example, to allow connecting to ports 8000 - 10000 for any host in the subnet:


Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.