Cucumber Reports (no 4451) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4451	16 Jun 2026, 14:07

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:56.472	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.735

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.008

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.420

Then the firewall's policy is to drop all IPv4 traffic 0.066

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.153

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.046

And the firewall is configured to block all external IPv6 traffic 0.048

Hooks

After features/support/hooks.rb:339 1.017

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.165

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.007

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.465

And I capture all network traffic 0.025

When I successfully start the Unsafe Browser 6.635

And I open the Tails homepage in the Unsafe Browser 7.270

And the Tails homepage loads in the Unsafe Browser 0.394

Then the firewall leak detector has detected leaks 0.373

Hooks

After features/support/hooks.rb:339 0.657

After features/support/hooks.rb:108 0.051

Tags: @product

10.709

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.033

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.282

And I capture all network traffic 0.009

And I disable Tails' firewall 0.104

When I do a TCP DNS lookup of "torproject.org" 0.270

Then the firewall leak detector has detected leaks 0.041

Hooks

After features/support/hooks.rb:339 1.024

After features/support/hooks.rb:108 0.061

Tags: @product

10.853

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.009

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.506

And I capture all network traffic 0.010

And I disable Tails' firewall 0.136

When I do a UDP DNS lookup of "torproject.org" 0.160

Then the firewall leak detector has detected leaks 0.039

Hooks

After features/support/hooks.rb:339 0.958

After features/support/hooks.rb:108 0.050

Tags: @product

14.405

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.013

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.155

And I capture all network traffic 0.008

And I disable Tails' firewall 0.107

When I send some ICMP pings 4.085

Then the firewall leak detector has detected leaks 0.049

Hooks

After features/support/hooks.rb:339 0.793

After features/support/hooks.rb:108 0.041

Tags: @product @check_tor_leaks

10.545

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.006

Before features/support/hooks.rb:527 0.003

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.071

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.392

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.081

Hooks

After features/support/hooks.rb:535 0.188

After features/support/hooks.rb:339 1.003

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.594

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.010

Before features/support/hooks.rb:527 0.005

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.177

When I open an untorified ICMP connection to 1.2.3.4 5.326

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.090

Hooks

After features/support/hooks.rb:535 0.240

After features/support/hooks.rb:339 0.909

After features/support/hooks.rb:108 0.000

Tags: @product

17.463

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.010

Steps

Given I have started Tails from DVD without network and logged in 6.821

And the system DNS is using the local DNS resolver 0.007

And the network is plugged 0.046

And I successfully configure Tor 10.581

Then the system DNS is still using the local DNS resolver 0.006

Hooks

After features/support/hooks.rb:339 0.831

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:56.472	Passed

Feature Report