Cucumber Reports (no 4462) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4462	20 Jun 2026, 11:21

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:55.087	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.586

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.016

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.224

Then the firewall's policy is to drop all IPv4 traffic 0.062

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.169

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.069

And the firewall is configured to block all external IPv6 traffic 0.060

Hooks

After features/support/hooks.rb:339 0.605

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.025

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.016

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.246

And I capture all network traffic 0.023

When I successfully start the Unsafe Browser 6.577

And I open the Tails homepage in the Unsafe Browser 7.353

And the Tails homepage loads in the Unsafe Browser 0.291

Then the firewall leak detector has detected leaks 0.532

Hooks

After features/support/hooks.rb:339 0.725

After features/support/hooks.rb:108 0.041

Tags: @product

10.752

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.334

And I capture all network traffic 0.025

And I disable Tails' firewall 0.124

When I do a TCP DNS lookup of "torproject.org" 0.217

Then the firewall leak detector has detected leaks 0.049

Hooks

After features/support/hooks.rb:339 0.991

After features/support/hooks.rb:108 0.041

Tags: @product

10.606

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.027

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.289

And I capture all network traffic 0.039

And I disable Tails' firewall 0.123

When I do a UDP DNS lookup of "torproject.org" 0.111

Then the firewall leak detector has detected leaks 0.041

Hooks

After features/support/hooks.rb:339 0.587

After features/support/hooks.rb:108 0.040

Tags: @product

14.524

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.217

And I capture all network traffic 0.020

And I disable Tails' firewall 0.112

When I send some ICMP pings 4.072

Then the firewall leak detector has detected leaks 0.101

Hooks

After features/support/hooks.rb:339 0.687

After features/support/hooks.rb:108 0.050

Tags: @product @check_tor_leaks

10.894

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.017

Before features/support/hooks.rb:527 0.017

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.303

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.495

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.095

Hooks

After features/support/hooks.rb:535 0.213

After features/support/hooks.rb:339 0.650

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.573

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Before features/support/hooks.rb:527 0.020

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.184

When I open an untorified ICMP connection to 1.2.3.4 5.301

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.087

Hooks

After features/support/hooks.rb:535 0.203

After features/support/hooks.rb:339 0.999

After features/support/hooks.rb:108 0.000

Tags: @product

16.124

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD without network and logged in 7.121

And the system DNS is using the local DNS resolver 0.011

And the network is plugged 0.039

And I successfully configure Tor 8.943

Then the system DNS is still using the local DNS resolver 0.007

Hooks

After features/support/hooks.rb:339 0.688

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:55.087	Passed

Feature Report