Cucumber Reports (no 4446) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4446	14 Jun 2026, 11:22

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:51.652	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.326

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.013

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.020

Then the firewall's policy is to drop all IPv4 traffic 0.056

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.152

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.044

And the firewall is configured to block all external IPv6 traffic 0.052

Hooks

After features/support/hooks.rb:339 0.867

After features/support/hooks.rb:108 0.000

Tags: @product @doc

23.405

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.014

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.834

And I capture all network traffic 0.015

When I successfully start the Unsafe Browser 5.950

And I open the Tails homepage in the Unsafe Browser 6.939

And the Tails homepage loads in the Unsafe Browser 0.287

Then the firewall leak detector has detected leaks 0.378

Hooks

After features/support/hooks.rb:339 0.777

After features/support/hooks.rb:108 0.043

Tags: @product

10.402

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.013

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.979

And I capture all network traffic 0.015

And I disable Tails' firewall 0.116

When I do a TCP DNS lookup of "torproject.org" 0.247

Then the firewall leak detector has detected leaks 0.043

Hooks

After features/support/hooks.rb:339 0.757

After features/support/hooks.rb:108 0.045

Tags: @product

10.193

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.014

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.697

And I capture all network traffic 0.022

And I disable Tails' firewall 0.142

When I do a UDP DNS lookup of "torproject.org" 0.235

Then the firewall leak detector has detected leaks 0.096

Hooks

After features/support/hooks.rb:339 0.979

After features/support/hooks.rb:108 0.040

Tags: @product

14.172

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.014

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.825

And I capture all network traffic 0.017

And I disable Tails' firewall 0.141

When I send some ICMP pings 4.086

Then the firewall leak detector has detected leaks 0.101

Hooks

After features/support/hooks.rb:339 0.540

After features/support/hooks.rb:108 0.047

Tags: @product @check_tor_leaks

10.138

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Before features/support/hooks.rb:527 0.033

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.858

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.213

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.066

Hooks

After features/support/hooks.rb:535 0.196

After features/support/hooks.rb:339 0.799

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.447

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Before features/support/hooks.rb:527 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.992

When I open an untorified ICMP connection to 1.2.3.4 5.384

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.070

Hooks

After features/support/hooks.rb:535 0.203

After features/support/hooks.rb:339 0.602

After features/support/hooks.rb:108 0.000

Tags: @product

16.565

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.013

Steps

Given I have started Tails from DVD without network and logged in 6.907

And the system DNS is using the local DNS resolver 0.005

And the network is plugged 0.017

And I successfully configure Tor 9.626

Then the system DNS is still using the local DNS resolver 0.007

Hooks

After features/support/hooks.rb:339 0.709

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:51.652	Passed

Feature Report