Cucumber Reports (no 6441) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6441	11 Jun 2026, 14:09

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:59.080	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.964

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.579

Then the firewall's policy is to drop all IPv4 traffic 0.061

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.190

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.083

And the firewall is configured to block all external IPv6 traffic 0.049

Hooks

After features/support/hooks.rb:339 0.819

After features/support/hooks.rb:108 0.000

Tags: @product @doc

26.783

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.024

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.598

And I capture all network traffic 0.026

When I successfully start the Unsafe Browser 7.453

And I open the Tails homepage in the Unsafe Browser 7.945

And the Tails homepage loads in the Unsafe Browser 0.348

Then the firewall leak detector has detected leaks 0.411

Hooks

After features/support/hooks.rb:339 0.971

After features/support/hooks.rb:108 0.046

Tags: @product

10.790

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.365

And I capture all network traffic 0.025

And I disable Tails' firewall 0.092

When I do a TCP DNS lookup of "torproject.org" 0.259

Then the firewall leak detector has detected leaks 0.046

Hooks

After features/support/hooks.rb:339 0.970

After features/support/hooks.rb:108 0.046

Tags: @product

10.989

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.061

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.456

And I capture all network traffic 0.042

And I disable Tails' firewall 0.142

When I do a UDP DNS lookup of "torproject.org" 0.286

Then the firewall leak detector has detected leaks 0.062

Hooks

After features/support/hooks.rb:339 0.825

After features/support/hooks.rb:108 0.043

Tags: @product

15.007

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.016

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.605

And I capture all network traffic 0.030

And I disable Tails' firewall 0.146

When I send some ICMP pings 4.108

Then the firewall leak detector has detected leaks 0.115

Hooks

After features/support/hooks.rb:339 0.710

After features/support/hooks.rb:108 0.047

Tags: @product @check_tor_leaks

10.635

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Before features/support/hooks.rb:527 0.026

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.337

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.225

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.073

Hooks

After features/support/hooks.rb:535 0.209

After features/support/hooks.rb:339 0.919

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.646

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.024

Before features/support/hooks.rb:527 0.028

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.251

When I open an untorified ICMP connection to 1.2.3.4 5.314

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.081

Hooks

After features/support/hooks.rb:535 0.448

After features/support/hooks.rb:339 0.793

After features/support/hooks.rb:108 0.000

Tags: @product

17.261

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.035

Steps

Given I have started Tails from DVD without network and logged in 7.352

And the system DNS is using the local DNS resolver 0.006

And the network is plugged 0.020

And I successfully configure Tor 9.875

Then the system DNS is still using the local DNS resolver 0.007

Hooks

After features/support/hooks.rb:339 0.968

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:59.080	Passed

Feature Report