Network and Port Rules

To configure Nessus network scanning rules, the syntax is the following:

accept|reject address/netmask:ports

The address/netmask is in CIDR notation. For example, this will not let a user scan any IP address in the /24 (standard class C) network:

reject 10.42.123.0/24

For example, this will let a user scan any IP address in the /8 (standard class A) network:

accept 10.1.1.0/8

Additionally, you can define ports or a port range to be allowed or denied certain ports. For example, to forbid connecting to port 80 for 10.0.0.1:

reject 10.0.0.1:80

For example, to allow connecting to ports 8000 - 10000 for any host in the 192.168.0.0/24 subnet:

accept 192.168.0.0/24:8000-10000

Copyright © 2020 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.