Cucumber Reports (no 4448) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4448	15 Jun 2026, 15:25

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:50.135	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

10.996

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.667

Then the firewall's policy is to drop all IPv4 traffic 0.058

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.148

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.068

And the firewall is configured to block all external IPv6 traffic 0.054

Hooks

After features/support/hooks.rb:339 0.689

After features/support/hooks.rb:108 0.000

Tags: @product @doc

23.606

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.121

And I capture all network traffic 0.020

When I successfully start the Unsafe Browser 5.460

And I open the Tails homepage in the Unsafe Browser 7.284

And the Tails homepage loads in the Unsafe Browser 0.340

Then the firewall leak detector has detected leaks 0.379

Hooks

After features/support/hooks.rb:339 0.631

After features/support/hooks.rb:108 0.039

Tags: @product

10.238

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.904

And I capture all network traffic 0.022

And I disable Tails' firewall 0.106

When I do a TCP DNS lookup of "torproject.org" 0.169

Then the firewall leak detector has detected leaks 0.035

Hooks

After features/support/hooks.rb:339 0.932

After features/support/hooks.rb:108 0.046

Tags: @product

10.284

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.939

And I capture all network traffic 0.019

And I disable Tails' firewall 0.108

When I do a UDP DNS lookup of "torproject.org" 0.148

Then the firewall leak detector has detected leaks 0.069

Hooks

After features/support/hooks.rb:339 0.867

After features/support/hooks.rb:108 0.033

Tags: @product

14.174

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.887

And I capture all network traffic 0.020

And I disable Tails' firewall 0.103

When I send some ICMP pings 4.069

Then the firewall leak detector has detected leaks 0.093

Hooks

After features/support/hooks.rb:339 0.576

After features/support/hooks.rb:108 0.047

Tags: @product @check_tor_leaks

10.146

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.020

Before features/support/hooks.rb:527 0.039

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.890

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.198

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.057

Hooks

After features/support/hooks.rb:535 0.157

After features/support/hooks.rb:339 0.839

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.581

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.044

Before features/support/hooks.rb:527 0.025

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.166

When I open an untorified ICMP connection to 1.2.3.4 5.341

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.072

Hooks

After features/support/hooks.rb:535 0.167

After features/support/hooks.rb:339 0.947

After features/support/hooks.rb:108 0.000

Tags: @product

15.106

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD without network and logged in 6.687

And the system DNS is using the local DNS resolver 0.007

And the network is plugged 0.017

And I successfully configure Tor 8.379

Then the system DNS is still using the local DNS resolver 0.013

Hooks

After features/support/hooks.rb:339 0.632

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:50.135	Passed

Feature Report