Cucumber Reports (no 6451) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6451	16 Jun 2026, 19:31

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:54.445	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.578

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.016

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.192

Then the firewall's policy is to drop all IPv4 traffic 0.098

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.184

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.056

And the firewall is configured to block all external IPv6 traffic 0.047

Hooks

After features/support/hooks.rb:339 0.674

After features/support/hooks.rb:108 0.000

Tags: @product @doc

24.533

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.013

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.193

And I capture all network traffic 0.016

When I successfully start the Unsafe Browser 5.954

And I open the Tails homepage in the Unsafe Browser 7.521

And the Tails homepage loads in the Unsafe Browser 0.349

Then the firewall leak detector has detected leaks 0.498

Hooks

After features/support/hooks.rb:339 0.699

After features/support/hooks.rb:108 0.058

Tags: @product

10.583

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.022

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.159

And I capture all network traffic 0.015

And I disable Tails' firewall 0.101

When I do a TCP DNS lookup of "torproject.org" 0.268

Then the firewall leak detector has detected leaks 0.038

Hooks

After features/support/hooks.rb:339 0.618

After features/support/hooks.rb:108 0.080

Tags: @product

10.346

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.015

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.026

And I capture all network traffic 0.020

And I disable Tails' firewall 0.100

When I do a UDP DNS lookup of "torproject.org" 0.152

Then the firewall leak detector has detected leaks 0.046

Hooks

After features/support/hooks.rb:339 0.933

After features/support/hooks.rb:108 0.043

Tags: @product

14.487

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.013

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.148

And I capture all network traffic 0.016

And I disable Tails' firewall 0.151

When I send some ICMP pings 4.118

Then the firewall leak detector has detected leaks 0.052

Hooks

After features/support/hooks.rb:339 0.699

After features/support/hooks.rb:108 0.050

Tags: @product @check_tor_leaks

10.741

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.014

Before features/support/hooks.rb:527 0.012

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.254

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.396

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.090

Hooks

After features/support/hooks.rb:535 0.233

After features/support/hooks.rb:339 0.735

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.379

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.013

Before features/support/hooks.rb:527 0.012

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.966

When I open an untorified ICMP connection to 1.2.3.4 5.322

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.090

Hooks

After features/support/hooks.rb:535 0.186

After features/support/hooks.rb:339 0.630

After features/support/hooks.rb:108 0.000

Tags: @product

16.794

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.037

Steps

Given I have started Tails from DVD without network and logged in 7.177

And the system DNS is using the local DNS resolver 0.005

And the network is plugged 0.040

And I successfully configure Tor 9.565

Then the system DNS is still using the local DNS resolver 0.004

Hooks

After features/support/hooks.rb:339 0.954

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:54.445	Passed

Feature Report