Cucumber Reports (no 4447) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4447	15 Jun 2026, 11:17

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:56.557	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.527

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.050

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.160

Then the firewall's policy is to drop all IPv4 traffic 0.084

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.173

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.050

And the firewall is configured to block all external IPv6 traffic 0.057

Hooks

After features/support/hooks.rb:339 0.714

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.549

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.375

And I capture all network traffic 0.028

When I successfully start the Unsafe Browser 6.574

And I open the Tails homepage in the Unsafe Browser 7.774

And the Tails homepage loads in the Unsafe Browser 0.332

Then the firewall leak detector has detected leaks 0.463

Hooks

After features/support/hooks.rb:339 0.887

After features/support/hooks.rb:108 0.040

Tags: @product

10.482

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.020

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.097

And I capture all network traffic 0.016

And I disable Tails' firewall 0.097

When I do a TCP DNS lookup of "torproject.org" 0.223

Then the firewall leak detector has detected leaks 0.047

Hooks

After features/support/hooks.rb:339 0.734

After features/support/hooks.rb:108 0.034

Tags: @product

10.592

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.020

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.264

And I capture all network traffic 0.021

And I disable Tails' firewall 0.111

When I do a UDP DNS lookup of "torproject.org" 0.155

Then the firewall leak detector has detected leaks 0.040

Hooks

After features/support/hooks.rb:339 0.607

After features/support/hooks.rb:108 0.044

Tags: @product

14.475

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.186

And I capture all network traffic 0.051

And I disable Tails' firewall 0.119

When I send some ICMP pings 4.072

Then the firewall leak detector has detected leaks 0.046

Hooks

After features/support/hooks.rb:339 0.804

After features/support/hooks.rb:108 0.070

Tags: @product @check_tor_leaks

10.382

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Before features/support/hooks.rb:527 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.053

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.258

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.070

Hooks

After features/support/hooks.rb:535 0.211

After features/support/hooks.rb:339 0.582

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.754

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.024

Before features/support/hooks.rb:527 0.030

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.269

When I open an untorified ICMP connection to 1.2.3.4 5.401

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.083

Hooks

After features/support/hooks.rb:535 0.210

After features/support/hooks.rb:339 0.732

After features/support/hooks.rb:108 0.000

Tags: @product

17.793

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD without network and logged in 7.279

And the system DNS is using the local DNS resolver 0.005

And the network is plugged 0.025

And I successfully configure Tor 10.476

Then the system DNS is still using the local DNS resolver 0.006

Hooks

After features/support/hooks.rb:339 0.982

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:56.557	Passed

Feature Report