Cucumber Reports (no 4464) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_devel	4464	22 Jun 2026, 11:35

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:0.486	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

12.195

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.049

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.844

Then the firewall's policy is to drop all IPv4 traffic 0.064

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.192

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.047

And the firewall is configured to block all external IPv6 traffic 0.047

Hooks

After features/support/hooks.rb:339 1.021

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.434

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.267

And I capture all network traffic 0.022

When I successfully start the Unsafe Browser 6.708

And I open the Tails homepage in the Unsafe Browser 7.639

And the Tails homepage loads in the Unsafe Browser 0.357

Then the firewall leak detector has detected leaks 0.438

Hooks

After features/support/hooks.rb:339 0.829

After features/support/hooks.rb:108 0.062

Tags: @product

11.462

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.056

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.915

And I capture all network traffic 0.023

And I disable Tails' firewall 0.156

When I do a TCP DNS lookup of "torproject.org" 0.293

Then the firewall leak detector has detected leaks 0.073

Hooks

After features/support/hooks.rb:339 0.811

After features/support/hooks.rb:108 0.032

Tags: @product

11.009

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.028

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.491

And I capture all network traffic 0.050

And I disable Tails' firewall 0.197

When I do a UDP DNS lookup of "torproject.org" 0.206

Then the firewall leak detector has detected leaks 0.063

Hooks

After features/support/hooks.rb:339 0.847

After features/support/hooks.rb:108 0.039

Tags: @product

14.948

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.027

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.679

And I capture all network traffic 0.021

And I disable Tails' firewall 0.112

When I send some ICMP pings 4.081

Then the firewall leak detector has detected leaks 0.052

Hooks

After features/support/hooks.rb:339 0.799

After features/support/hooks.rb:108 0.068

Tags: @product @check_tor_leaks

11.391

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Before features/support/hooks.rb:527 0.040

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.988

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.327

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.075

Hooks

After features/support/hooks.rb:535 0.204

After features/support/hooks.rb:339 0.628

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

16.009

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.029

Before features/support/hooks.rb:527 0.051

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.544

When I open an untorified ICMP connection to 1.2.3.4 5.383

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.080

Hooks

After features/support/hooks.rb:535 0.277

After features/support/hooks.rb:339 0.941

After features/support/hooks.rb:108 0.000

Tags: @product

18.036

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.024

Steps

Given I have started Tails from DVD without network and logged in 7.583

And the system DNS is using the local DNS resolver 0.013

And the network is plugged 0.016

And I successfully configure Tor 10.411

Then the system DNS is still using the local DNS resolver 0.010

Hooks

After features/support/hooks.rb:339 0.766

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:0.486	Passed

Feature Report