Cucumber Reports (no 6448) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6448	16 Jun 2026, 13:19

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:1.986	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.945

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.026

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.558

Then the firewall's policy is to drop all IPv4 traffic 0.051

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.191

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.073

And the firewall is configured to block all external IPv6 traffic 0.069

Hooks

After features/support/hooks.rb:339 0.811

After features/support/hooks.rb:108 0.000

Tags: @product @doc

26.334

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.622

And I capture all network traffic 0.021

When I successfully start the Unsafe Browser 6.700

And I open the Tails homepage in the Unsafe Browser 7.800

And the Tails homepage loads in the Unsafe Browser 0.488

Then the firewall leak detector has detected leaks 0.701

Hooks

After features/support/hooks.rb:339 0.928

After features/support/hooks.rb:108 0.057

Tags: @product

11.491

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.044

And I capture all network traffic 0.024

And I disable Tails' firewall 0.110

When I do a TCP DNS lookup of "torproject.org" 0.249

Then the firewall leak detector has detected leaks 0.061

Hooks

After features/support/hooks.rb:339 0.715

After features/support/hooks.rb:108 0.051

Tags: @product

11.536

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.069

And I capture all network traffic 0.015

And I disable Tails' firewall 0.193

When I do a UDP DNS lookup of "torproject.org" 0.199

Then the firewall leak detector has detected leaks 0.057

Hooks

After features/support/hooks.rb:339 0.753

After features/support/hooks.rb:108 0.042

Tags: @product

14.924

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.541

And I capture all network traffic 0.020

And I disable Tails' firewall 0.106

When I send some ICMP pings 4.109

Then the firewall leak detector has detected leaks 0.147

Hooks

After features/support/hooks.rb:339 0.838

After features/support/hooks.rb:108 0.042

Tags: @product @check_tor_leaks

11.359

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.051

Before features/support/hooks.rb:527 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.037

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.240

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.082

Hooks

After features/support/hooks.rb:535 0.247

After features/support/hooks.rb:339 0.607

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

16.285

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.024

Before features/support/hooks.rb:527 0.026

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.777

When I open an untorified ICMP connection to 1.2.3.4 5.422

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.085

Hooks

After features/support/hooks.rb:535 0.248

After features/support/hooks.rb:339 0.629

After features/support/hooks.rb:108 0.000

Tags: @product

18.109

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD without network and logged in 7.592

And the system DNS is using the local DNS resolver 0.009

And the network is plugged 0.029

And I successfully configure Tor 10.470

Then the system DNS is still using the local DNS resolver 0.007

Hooks

After features/support/hooks.rb:339 0.653

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:1.986	Passed

Feature Report