Cucumber Reports (no 6449) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6449	16 Jun 2026, 14:09

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:58.049	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.889

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.020

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.460

Then the firewall's policy is to drop all IPv4 traffic 0.080

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.238

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.066

And the firewall is configured to block all external IPv6 traffic 0.043

Hooks

After features/support/hooks.rb:339 0.936

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.154

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.027

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.622

And I capture all network traffic 0.015

When I successfully start the Unsafe Browser 6.228

And I open the Tails homepage in the Unsafe Browser 7.539

And the Tails homepage loads in the Unsafe Browser 0.372

Then the firewall leak detector has detected leaks 0.377

Hooks

After features/support/hooks.rb:339 0.663

After features/support/hooks.rb:108 0.043

Tags: @product

10.690

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.203

And I capture all network traffic 0.021

And I disable Tails' firewall 0.148

When I do a TCP DNS lookup of "torproject.org" 0.278

Then the firewall leak detector has detected leaks 0.039

Hooks

After features/support/hooks.rb:339 1.049

After features/support/hooks.rb:108 0.066

Tags: @product

11.221

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.784

And I capture all network traffic 0.028

And I disable Tails' firewall 0.173

When I do a UDP DNS lookup of "torproject.org" 0.193

Then the firewall leak detector has detected leaks 0.042

Hooks

After features/support/hooks.rb:339 0.999

After features/support/hooks.rb:108 0.035

Tags: @product

14.511

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.018

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.176

And I capture all network traffic 0.023

And I disable Tails' firewall 0.119

When I send some ICMP pings 4.081

Then the firewall leak detector has detected leaks 0.109

Hooks

After features/support/hooks.rb:339 0.814

After features/support/hooks.rb:108 0.040

Tags: @product @check_tor_leaks

10.900

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Before features/support/hooks.rb:527 0.024

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.477

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.331

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.091

Hooks

After features/support/hooks.rb:535 0.168

After features/support/hooks.rb:339 0.642

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

16.189

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Before features/support/hooks.rb:527 0.028

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.756

When I open an untorified ICMP connection to 1.2.3.4 5.357

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.075

Hooks

After features/support/hooks.rb:535 0.186

After features/support/hooks.rb:339 0.771

After features/support/hooks.rb:108 0.000

Tags: @product

17.491

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.025

Steps

Given I have started Tails from DVD without network and logged in 7.355

And the system DNS is using the local DNS resolver 0.011

And the network is plugged 0.027

And I successfully configure Tor 10.090

Then the system DNS is still using the local DNS resolver 0.005

Hooks

After features/support/hooks.rb:339 0.803

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:58.049	Passed

Feature Report