Cucumber Reports (no 4452) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4452	16 Jun 2026, 17:49

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:58.898	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.798

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.400

Then the firewall's policy is to drop all IPv4 traffic 0.075

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.204

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.056

And the firewall is configured to block all external IPv6 traffic 0.060

Hooks

After features/support/hooks.rb:339 0.931

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.308

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.022

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.540

And I capture all network traffic 0.021

When I successfully start the Unsafe Browser 6.239

And I open the Tails homepage in the Unsafe Browser 7.752

And the Tails homepage loads in the Unsafe Browser 0.353

Then the firewall leak detector has detected leaks 0.401

Hooks

After features/support/hooks.rb:339 0.965

After features/support/hooks.rb:108 0.072

Tags: @product

10.838

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.026

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.421

And I capture all network traffic 0.025

And I disable Tails' firewall 0.101

When I do a TCP DNS lookup of "torproject.org" 0.198

Then the firewall leak detector has detected leaks 0.092

Hooks

After features/support/hooks.rb:339 0.869

After features/support/hooks.rb:108 0.037

Tags: @product

10.999

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.053

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.624

And I capture all network traffic 0.019

And I disable Tails' firewall 0.142

When I do a UDP DNS lookup of "torproject.org" 0.175

Then the firewall leak detector has detected leaks 0.036

Hooks

After features/support/hooks.rb:339 0.727

After features/support/hooks.rb:108 0.048

Tags: @product

14.921

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.533

And I capture all network traffic 0.020

And I disable Tails' firewall 0.144

When I send some ICMP pings 4.073

Then the firewall leak detector has detected leaks 0.149

Hooks

After features/support/hooks.rb:339 0.829

After features/support/hooks.rb:108 0.044

Tags: @product @check_tor_leaks

11.144

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Before features/support/hooks.rb:527 0.033

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.551

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.510

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.082

Hooks

After features/support/hooks.rb:535 0.164

After features/support/hooks.rb:339 0.886

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

16.162

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Before features/support/hooks.rb:527 0.020

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.700

When I open an untorified ICMP connection to 1.2.3.4 5.388

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.073

Hooks

After features/support/hooks.rb:535 0.180

After features/support/hooks.rb:339 0.795

After features/support/hooks.rb:108 0.000

Tags: @product

17.726

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD without network and logged in 7.597

And the system DNS is using the local DNS resolver 0.009

And the network is plugged 0.019

And I successfully configure Tor 10.093

Then the system DNS is still using the local DNS resolver 0.005

Hooks

After features/support/hooks.rb:339 1.046

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:58.898	Passed

Feature Report