I’m using suricata in pfsense 2.4.5 and my log file is being spammed with this error and don’t know how to fix it hoping someone can help me out here
ERRCODE: SC_ERR_LIBNET_WRITE_FAILED(147)] - libnet_write failed: libnet_write_raw_ipv4(): -1 bytes written (Permission denied)
Hi Genine, this error is generated as Suricata tries to send TCP RST or ICMP reachable packets after a
reject rule has matched. As the error indicates, it doesn’t have the permission to do so.
I don’t know how pfSense works well enough to comment on why it gets this error. Possible causes could be that Suricata runs as a user that does not have permission to send packets on a raw socket. Another option is that local firewall rules block the sending of these packets.
I think it would be best to ask through the pfSense support channels.