Opnsense IDS download rules with proxy not work

[Azgar1998]

Hello,

I have opnsense 23.7.6. I would like to download the IDS rules with a proxy but it does not work

my config:

/root/.cshrc:
setenv HTTP_PROXY http://proxy:8080
setenv HTTPS_PROXY http://proxy:8080
setenv http_proxy http://proxy:8080
setenv https_proxy http://proxy:8080
setenv FTP_PROXY http://proxy:8080
setenv ftp_proxy http://proxy:8080

/usr/local/etc/pkg.conf:

pkg_env : {
http_proxy: "{http://proxy:8080}"
https_proxy: "{http://proxy:8080}"
}

/usr/local/opnsense/service/conf/configd.conf:

HTTP_PROXY=http://proxy:8080
HTTPS_PROXY=http://proxy:8080
http_proxy=http://proxy:8080
https_proxy=http://proxy:8080
FTP_PROXY=http://proxy:8080
ftp_proxy=http://proxy:8080

/var/log/system/system_20231023.log:
rule-updater.py 24817 - [meta sequenceId="1"] download failed for https://rules.emergingthreats.net/open/suricata-6.0/emerging.rules.tar.gz (HTTPSConnectionPool(host='rules.emergingthreats.net', port=443): Max retries exceeded with url: /open/suricata-6.0/emerging.rules.tar.gz (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x8523c1a90>: Failed to establish a new connection: [Errno 60] Operation timed out')))

From the console:
when I do a curl test with google it works

pkg -d update: OK
pkg -d upgrade: OK

curl -v https://rules.emergingthreats.net: OK

the proxy has no filter

Thank for your help

[doktornotor]

You are filing this issue for a wrong repository. As you can read from the error message, this applies to any rules download, in your case the URL is rules.emergingthreats.net. There is no support for proxies in /usr/local/opnsense/scripts/suricata/rule-updater.py

Additionally, setting these variables via environment will never work while using urllib3. Not supported upstream: urllib3/urllib3#1785