Cucumber Reports (no 4459) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4459	18 Jun 2026, 11:30

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:0.495	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

12.543

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.022

Steps

Given I have started Tails from DVD and logged in and the network is connected 12.227

Then the firewall's policy is to drop all IPv4 traffic 0.078

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.139

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.047

And the firewall is configured to block all external IPv6 traffic 0.050

Hooks

After features/support/hooks.rb:339 0.635

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.406

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.020

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.208

And I capture all network traffic 0.022

When I successfully start the Unsafe Browser 6.724

And I open the Tails homepage in the Unsafe Browser 7.661

And the Tails homepage loads in the Unsafe Browser 0.355

Then the firewall leak detector has detected leaks 0.433

Hooks

After features/support/hooks.rb:339 0.828

After features/support/hooks.rb:108 0.044

Tags: @product

11.092

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.641

And I capture all network traffic 0.022

And I disable Tails' firewall 0.117

When I do a TCP DNS lookup of "torproject.org" 0.212

Then the firewall leak detector has detected leaks 0.098

Hooks

After features/support/hooks.rb:339 0.689

After features/support/hooks.rb:108 0.043

Tags: @product

10.861

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.475

And I capture all network traffic 0.024

And I disable Tails' firewall 0.153

When I do a UDP DNS lookup of "torproject.org" 0.165

Then the firewall leak detector has detected leaks 0.042

Hooks

After features/support/hooks.rb:339 0.896

After features/support/hooks.rb:108 0.066

Tags: @product

14.876

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.026

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.526

And I capture all network traffic 0.022

And I disable Tails' firewall 0.122

When I send some ICMP pings 4.079

Then the firewall leak detector has detected leaks 0.124

Hooks

After features/support/hooks.rb:339 0.890

After features/support/hooks.rb:108 0.037

Tags: @product @check_tor_leaks

11.169

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.028

Before features/support/hooks.rb:527 0.017

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.788

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.294

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.086

Hooks

After features/support/hooks.rb:535 0.223

After features/support/hooks.rb:339 1.050

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

16.406

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.026

Before features/support/hooks.rb:527 0.024

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.966

When I open an untorified ICMP connection to 1.2.3.4 5.342

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.097

Hooks

After features/support/hooks.rb:535 0.221

After features/support/hooks.rb:339 0.585

After features/support/hooks.rb:108 0.000

Tags: @product

18.140

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.025

Steps

Given I have started Tails from DVD without network and logged in 7.495

And the system DNS is using the local DNS resolver 0.010

And the network is plugged 0.032

And I successfully configure Tor 10.596

Then the system DNS is still using the local DNS resolver 0.005

Hooks

After features/support/hooks.rb:339 0.655

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:0.495	Passed

Feature Report