Cucumber Reports (no 6452) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6452	17 Jun 2026, 07:48

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:2.149	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

12.534

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.028

Steps

Given I have started Tails from DVD and logged in and the network is connected 12.076

Then the firewall's policy is to drop all IPv4 traffic 0.091

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.196

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.092

And the firewall is configured to block all external IPv6 traffic 0.077

Hooks

After features/support/hooks.rb:339 0.715

After features/support/hooks.rb:108 0.000

Tags: @product @doc

26.123

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.025

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.630

And I capture all network traffic 0.032

When I successfully start the Unsafe Browser 7.314

And I open the Tails homepage in the Unsafe Browser 7.440

And the Tails homepage loads in the Unsafe Browser 0.325

Then the firewall leak detector has detected leaks 0.380

Hooks

After features/support/hooks.rb:339 0.660

After features/support/hooks.rb:108 0.038

Tags: @product

11.100

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.035

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.638

And I capture all network traffic 0.047

And I disable Tails' firewall 0.104

When I do a TCP DNS lookup of "torproject.org" 0.264

Then the firewall leak detector has detected leaks 0.044

Hooks

After features/support/hooks.rb:339 0.791

After features/support/hooks.rb:108 0.043

Tags: @product

11.519

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.048

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.098

And I capture all network traffic 0.025

And I disable Tails' firewall 0.132

When I do a UDP DNS lookup of "torproject.org" 0.216

Then the firewall leak detector has detected leaks 0.045

Hooks

After features/support/hooks.rb:339 0.756

After features/support/hooks.rb:108 0.037

Tags: @product

15.629

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.026

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.242

And I capture all network traffic 0.048

And I disable Tails' firewall 0.125

When I send some ICMP pings 4.076

Then the firewall leak detector has detected leaks 0.136

Hooks

After features/support/hooks.rb:339 0.663

After features/support/hooks.rb:108 0.037

Tags: @product @check_tor_leaks

11.384

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.026

Before features/support/hooks.rb:527 0.025

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.899

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.401

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.082

Hooks

After features/support/hooks.rb:535 0.297

After features/support/hooks.rb:339 1.103

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

16.205

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Before features/support/hooks.rb:527 0.022

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.593

When I open an untorified ICMP connection to 1.2.3.4 5.441

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.170

Hooks

After features/support/hooks.rb:535 0.322

After features/support/hooks.rb:339 0.781

After features/support/hooks.rb:108 0.000

Tags: @product

17.652

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD without network and logged in 7.395

And the system DNS is using the local DNS resolver 0.008

And the network is plugged 0.023

And I successfully configure Tor 10.218

Then the system DNS is still using the local DNS resolver 0.006

Hooks

After features/support/hooks.rb:339 0.659

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:2.149	Passed

Feature Report