Cucumber Reports (no 6446) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6446	15 Jun 2026, 14:42

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:2.738	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

12.935

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.022

Steps

Given I have started Tails from DVD and logged in and the network is connected 12.352

Then the firewall's policy is to drop all IPv4 traffic 0.138

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.292

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.076

And the firewall is configured to block all external IPv6 traffic 0.075

Hooks

After features/support/hooks.rb:339 1.060

After features/support/hooks.rb:108 0.000

Tags: @product @doc

26.361

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.024

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.046

And I capture all network traffic 0.025

When I successfully start the Unsafe Browser 6.938

And I open the Tails homepage in the Unsafe Browser 7.590

And the Tails homepage loads in the Unsafe Browser 0.353

Then the firewall leak detector has detected leaks 0.407

Hooks

After features/support/hooks.rb:339 0.880

After features/support/hooks.rb:108 0.043

Tags: @product

11.928

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.040

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.670

And I capture all network traffic 0.020

And I disable Tails' firewall 0.146

When I do a TCP DNS lookup of "torproject.org" 1.029

Then the firewall leak detector has detected leaks 0.060

Hooks

After features/support/hooks.rb:339 0.877

After features/support/hooks.rb:108 0.040

Tags: @product

11.080

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.601

And I capture all network traffic 0.017

And I disable Tails' firewall 0.154

When I do a UDP DNS lookup of "torproject.org" 0.257

Then the firewall leak detector has detected leaks 0.050

Hooks

After features/support/hooks.rb:339 0.648

After features/support/hooks.rb:108 0.054

Tags: @product

15.441

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.020

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.118

And I capture all network traffic 0.020

And I disable Tails' firewall 0.120

When I send some ICMP pings 4.065

Then the firewall leak detector has detected leaks 0.116

Hooks

After features/support/hooks.rb:339 0.780

After features/support/hooks.rb:108 0.048

Tags: @product @check_tor_leaks

10.950

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.014

Before features/support/hooks.rb:527 0.008

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.632

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.220

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.097

Hooks

After features/support/hooks.rb:535 0.243

After features/support/hooks.rb:339 1.264

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

16.253

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Before features/support/hooks.rb:527 0.017

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.790

When I open an untorified ICMP connection to 1.2.3.4 5.388

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.074

Hooks

After features/support/hooks.rb:535 0.286

After features/support/hooks.rb:339 0.731

After features/support/hooks.rb:108 0.000

Tags: @product

17.786

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.025

Steps

Given I have started Tails from DVD without network and logged in 7.460

And the system DNS is using the local DNS resolver 0.007

And the network is plugged 0.017

And I successfully configure Tor 10.289

Then the system DNS is still using the local DNS resolver 0.011

Hooks

After features/support/hooks.rb:339 1.324

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:2.738	Passed

Feature Report