Opnsense IDS download rules with proxy not work

[Azgar1998]

Hello,

I have opnsense 23.7.6. I would like to download the IDS rules with a proxy but it does not work

my config:

/root/.cshrc: setenv HTTP_PROXY http://proxy:8080 setenv HTTPS_PROXY http://proxy:8080 setenv http_proxy http://proxy:8080 setenv https_proxy http://proxy:8080 setenv FTP_PROXY http://proxy:8080 setenv ftp_proxy http://proxy:8080

/usr/local/etc/pkg.conf:

pkg_env : { http_proxy: "{http://proxy:8080}" https_proxy: "{http://proxy:8080}" }

/usr/local/opnsense/service/conf/configd.conf:

HTTP_PROXY=http://proxy:8080 HTTPS_PROXY=http://proxy:8080 http_proxy=http://proxy:8080 https_proxy=http://proxy:8080 FTP_PROXY=http://proxy:8080 ftp_proxy=http://proxy:8080

/var/log/system/system_20231023.log: rule-updater.py 24817 - [meta sequenceId="1"] download failed for https://rules.emergingthreats.net/open/suricata-6.0/emerging.rules.tar.gz (HTTPSConnectionPool(host='rules.emergingthreats.net', port=443): Max retries exceeded with url: /open/suricata-6.0/emerging.rules.tar.gz (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x8523c1a90>: Failed to establish a new connection: [Errno 60] Operation timed out')))

From the console: when I do a curl test with google it works

pkg -d update: OK pkg -d upgrade: OK

curl -v https://rules.emergingthreats.net: OK

the proxy has no filter

Thank for your help

[doktornotor]

You are filing this issue for a wrong repository. As you can read from the error message, this applies to any rules download, in your case the URL is rules.emergingthreats.net. There is no support for proxies in /usr/local/opnsense/scripts/suricata/rule-updater.py

Additionally, setting these variables via environment will never work while using urllib3. Not supported upstream: https://github.com/urllib3/urllib3/issues/1785