Network and Port Rules

Nessus network scanning rules use the following syntax:

accept|reject address/netmask:ports

The address/netmask is in CIDR notation. For example, this will not let a user scan any IP address in the /24 (standard class C) network:

reject 10.42.123.0/24

For example, this will let a user scan any IP address in the /8 (standard class A) network:

accept 10.1.1.0/8

Additionally, you can specify a port or a port range to allow or deny. For example, to forbid connecting to port 80 for 10.0.0.1:

reject 10.0.0.1:80

For example, to allow connecting to ports 8000 - 10000 for any host in the 192.168.0.0/24 subnet:

accept 192.168.0.0/24:8000-10000
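
The following is an added example, not Nessus code: a small Python checker that parses rules in the syntax above, reports the network and ports each one covers, and flags addresses with host bits set (as in 10.1.1.0/8). The names parse_rule, matches and Rule are hypothetical; the sketch is IPv4 only, assumes a rule with no ports covers every port, and does not model how Nessus orders or combines rules.

```python
import ipaddress
import re
from typing import NamedTuple

# accept|reject address[/netmask][:port[-port]]  (IPv4 only in this sketch)
RULE_RE = re.compile(r"^(accept|reject)\s+([0-9./]+)(?::(\d+)(?:-(\d+))?)?$")

class Rule(NamedTuple):
    action: str
    network: ipaddress.IPv4Network
    ports: range            # range(lo, hi + 1), so both ends are included
    host_bits_set: bool     # True when the address was not the network base

def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a valid rule: {line!r}")
    action, addr, lo, hi = m.groups()
    # strict=False masks host bits instead of rejecting them (10.1.1.0/8 -> 10.0.0.0/8)
    network = ipaddress.ip_network(addr, strict=False)
    host_bits_set = str(network.network_address) != addr.split("/")[0]
    if lo is None:
        lo, hi = 0, 65535   # assumption: a rule with no ports covers every port
    else:
        lo, hi = int(lo), int(hi if hi is not None else lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in rule: {line!r}")
    return Rule(action, network, range(lo, hi + 1), host_bits_set)

def matches(rule: Rule, ip: str, port: int) -> bool:
    """True when this single rule covers the given target address and port."""
    return ipaddress.ip_address(ip) in rule.network and port in rule.ports

# The four rules shown on this page.
PAGE_RULES = [
    "reject 10.42.123.0/24",
    "accept 10.1.1.0/8",
    "reject 10.0.0.1:80",
    "accept 192.168.0.0/24:8000-10000",
]

if __name__ == "__main__":
    for text in PAGE_RULES:
        r = parse_rule(text)
        note = "  (host bits set in address)" if r.host_bits_set else ""
        print(f"{r.action:6} {r.network} ports {r.ports[0]}-{r.ports[-1]}{note}")
```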