Network and Port Rules
To configure Nessus network scanning rules, the syntax is the following:
The address/netmask is in CIDR notation. For example, this will not let a user scan any IP address in the /24 (standard class C) network:
For example, this will let a user scan any IP address in the /8 (standard class A) network:
Additionally, you can allow or deny specific ports or a port range. For example, to forbid connecting to port 80 for 10.0.0.1:
For example, to allow connecting to ports 8000 - 10000 for any host in the 192.168.0.0/24 subnet:
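
The following is an added example, not Tenable's code and not part of the original page: a small checker that parses rules like the ones described above, reports what happens to a given host and port, and flags rules that an earlier, broader rule makes unreachable. It assumes rule lines of the form `accept|reject address/netmask[:port[-port]]`, that the first matching rule wins, and that a caller-supplied default applies when nothing matches; the sample ruleset is constructed.

```python
import ipaddress

# Constructed sample ruleset (not from the page); order matters under the
# first-match assumption used below.
SAMPLE = """
reject 10.0.0.1:80
accept 10.0.0.0/8
accept 192.168.0.0/24:8000-10000
reject 192.168.0.0/24
"""

def parse_rule(line):
    """Parse 'accept|reject address/netmask[:port[-port]]' (IPv4 only)."""
    action, _, target = line.strip().partition(" ")
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action: {line!r}")
    net_text, _, port_text = target.strip().partition(":")
    # strict=True rejects typos such as 10.0.0.1/8 (host bits set)
    network = ipaddress.ip_network(net_text, strict=True)
    low, _, high = port_text.partition("-")
    ports = (int(low), int(high or low)) if port_text else (0, 65535)
    if not 0 <= ports[0] <= ports[1] <= 65535:
        raise ValueError(f"bad port range: {line!r}")
    return action, network, ports

def load_rules(text):
    lines = (l.strip() for l in text.splitlines())
    return [parse_rule(l) for l in lines if l and not l.startswith("#")]

def decide(rules, host, port, default="reject"):
    """Return the action of the first rule matching host:port (assumed order)."""
    addr = ipaddress.ip_address(host)
    for action, network, (low, high) in rules:
        if addr in network and low <= port <= high:
            return action
    return default

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    hits = []
    for i, (_, net, (lo, hi)) in enumerate(rules):
        for _, pnet, (plo, phi) in rules[:i]:
            if net.subnet_of(pnet) and plo <= lo and hi <= phi:
                hits.append(i)
                break
    return hits

if __name__ == "__main__":
    rules = load_rules(SAMPLE)
    for host, port in [("10.0.0.1", 80), ("10.0.0.1", 443), ("192.168.0.7", 22)]:
        print(host, port, decide(rules, host, port))
```

Running `shadowed()` on a ruleset before deploying it catches the common mistake of placing a narrow port rule after a broad network rule that already covers it.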