If your Nessus client is also on the "inside" network, then you can block
1241/tcp externally, as that is the only port the Nessus server listens
on, accepting connections from Nessus clients.

~Jay



On Wed, 21 Apr 2004, Michael Scheidell wrote:

> > Does anyone have an example of an IPTables filtering list under Redhat
> > that can be used with Nessus.
> >
> > I'm sorry if this is a little off topic.
> >
> > I have had some problems using Nessus and NAT (for external scans), so
> > I'm thinking of putting the Nessus scanner on the outside segment of our
> > network. I would like to set up IPTables so the machine is not completely
> > vulnerable to the outside.
>
> allow ip any any?
>
> put it on outside interface, start nessus with -a {ip} option (using
> inside ip address), MAYBE use -S option with outside ip address.
>
> that way, nessus will only be listening on the internal interface.
>
> Anything else and you will interfere with nessus
>
>

-- 
..
..  Jay Jacobson
..  Edgeos, Inc. - 480.961.5996 - http://www.edgeos.com
..
..  Network Security Auditing and
..  Vulnerability Assessment Managed Services
..

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
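
Added example, not part of the original thread: one way to express "block 1241/tcp externally" as an iptables-restore ruleset that leaves all other traffic untouched, so the scans themselves are not filtered. It goes slightly beyond the reply by accepting 1241/tcp only from an inside client network and dropping it everywhere else; the function name nessus_fw_rules, the interface eth1 and the network 192.168.1.0/24 are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset
# that restricts only the nessusd client port, 1241/tcp.
# Usage (hypothetical values): nessus_fw_rules eth1 192.168.1.0/24
#   $1 = inside interface, $2 = network the Nessus clients connect from
nessus_fw_rules() {
    nfw_in_if=$1
    nfw_client_net=$2

    # Refuse anything that is not a plain interface name or CIDR string,
    # so the generated rules cannot carry extra options or shell syntax.
    case "$nfw_in_if" in
        ""|*[!A-Za-z0-9._-]*)
            echo "invalid interface name" >&2; return 1 ;;
    esac
    case "$nfw_client_net" in
        ""|*[!0-9./]*)
            echo "invalid client network" >&2; return 1 ;;
    esac

    # Default policies stay ACCEPT and no state matching is used: the only
    # traffic filtered is inbound 1241/tcp, so scan probes and their
    # replies pass as if no firewall were present.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -p tcp --dport 1241 -j ACCEPT
-A INPUT -i $nfw_in_if -s $nfw_client_net -p tcp --dport 1241 -j ACCEPT
-A INPUT -p tcp --dport 1241 -j DROP
COMMIT
EOF
}
```

Piping the output to iptables-restore replaces the current filter table unless --noflush is given. On Red Hat the same text can be saved as /etc/sysconfig/iptables so the iptables service loads it at boot.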