Network and Port Rules

Use the following syntax to configure Nessus network scanning rules:

accept|reject address/netmask:ports

The address/netmask is in CIDR notation.

For example, based on the following rule, you cannot scan any IP address in the /24 (standard class C) network:

reject 10.42.123.0/24

Similarly, based on the following rule, you can scan any IP address in the /8 (standard class A) network:

accept 10.1.1.0/8

Also, you can define ports or a port range to be allowed or denied certain ports. For example, to forbid connecting to port 80 for 10.0.0.1, enter the following rule:

reject 10.0.0.1:80

Similarly to allow connecting to ports 8000 - 10000 for any host in the 192.168.0.0/24 subnet, enter the following rule:

accept 192.168.0.0/24:8000-10000

Copyright © 2023 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable,Inc. Tenable.sc, Tenable.ot, Lumin, Indegy, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.