Cucumber Reports (no 4450) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4450	16 Jun 2026, 13:30

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:5.715	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

12.281

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.024

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.917

Then the firewall's policy is to drop all IPv4 traffic 0.058

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.204

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.054

And the firewall is configured to block all external IPv6 traffic 0.045

Hooks

After features/support/hooks.rb:339 0.912

After features/support/hooks.rb:108 0.000

Tags: @product @doc

28.019

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.028

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.229

And I capture all network traffic 0.035

When I successfully start the Unsafe Browser 7.035

And I open the Tails homepage in the Unsafe Browser 8.864

And the Tails homepage loads in the Unsafe Browser 0.336

Then the firewall leak detector has detected leaks 0.517

Hooks

After features/support/hooks.rb:339 0.820

After features/support/hooks.rb:108 0.039

Tags: @product

11.694

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.036

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.240

And I capture all network traffic 0.029

And I disable Tails' firewall 0.113

When I do a TCP DNS lookup of "torproject.org" 0.237

Then the firewall leak detector has detected leaks 0.073

Hooks

After features/support/hooks.rb:339 1.106

After features/support/hooks.rb:108 0.048

Tags: @product

11.806

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.469

And I capture all network traffic 0.022

And I disable Tails' firewall 0.126

When I do a UDP DNS lookup of "torproject.org" 0.149

Then the firewall leak detector has detected leaks 0.038

Hooks

After features/support/hooks.rb:339 0.934

After features/support/hooks.rb:108 0.043

Tags: @product

14.888

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.439

And I capture all network traffic 0.042

And I disable Tails' firewall 0.124

When I send some ICMP pings 4.088

Then the firewall leak detector has detected leaks 0.192

Hooks

After features/support/hooks.rb:339 0.867

After features/support/hooks.rb:108 0.034

Tags: @product @check_tor_leaks

11.037

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.020

Before features/support/hooks.rb:527 0.017

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.750

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.209

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.077

Hooks

After features/support/hooks.rb:535 0.129

After features/support/hooks.rb:339 1.000

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

17.701

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Before features/support/hooks.rb:527 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 12.256

When I open an untorified ICMP connection to 1.2.3.4 5.360

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.083

Hooks

After features/support/hooks.rb:535 0.235

After features/support/hooks.rb:339 0.835

After features/support/hooks.rb:108 0.000

Tags: @product

18.286

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.032

Steps

Given I have started Tails from DVD without network and logged in 8.067

And the system DNS is using the local DNS resolver 0.019

And the network is plugged 0.025

And I successfully configure Tor 10.122

Then the system DNS is still using the local DNS resolver 0.051

Hooks

After features/support/hooks.rb:339 1.186

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:5.715	Passed

Feature Report