Cucumber Reports (no 6462) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6462	18 Jun 2026, 11:48

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:0.109	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

12.420

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.029

Steps

Given I have started Tails from DVD and logged in and the network is connected 12.090

Then the firewall's policy is to drop all IPv4 traffic 0.053

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.167

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.050

And the firewall is configured to block all external IPv6 traffic 0.059

Hooks

After features/support/hooks.rb:339 0.833

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.755

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.737

And I capture all network traffic 0.024

When I successfully start the Unsafe Browser 6.526

And I open the Tails homepage in the Unsafe Browser 7.792

And the Tails homepage loads in the Unsafe Browser 0.245

Then the firewall leak detector has detected leaks 0.429

Hooks

After features/support/hooks.rb:339 1.071

After features/support/hooks.rb:108 0.050

Tags: @product

10.870

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.022

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.334

And I capture all network traffic 0.025

And I disable Tails' firewall 0.120

When I do a TCP DNS lookup of "torproject.org" 0.321

Then the firewall leak detector has detected leaks 0.068

Hooks

After features/support/hooks.rb:339 0.860

After features/support/hooks.rb:108 0.038

Tags: @product

10.924

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.561

And I capture all network traffic 0.023

And I disable Tails' firewall 0.111

When I do a UDP DNS lookup of "torproject.org" 0.185

Then the firewall leak detector has detected leaks 0.042

Hooks

After features/support/hooks.rb:339 0.832

After features/support/hooks.rb:108 0.037

Tags: @product

14.363

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.083

And I capture all network traffic 0.050

And I disable Tails' firewall 0.114

When I send some ICMP pings 4.068

Then the firewall leak detector has detected leaks 0.046

Hooks

After features/support/hooks.rb:339 0.904

After features/support/hooks.rb:108 0.039

Tags: @product @check_tor_leaks

10.953

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.022

Before features/support/hooks.rb:527 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.569

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.220

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.164

Hooks

After features/support/hooks.rb:535 0.182

After features/support/hooks.rb:339 0.647

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

16.299

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Before features/support/hooks.rb:527 0.028

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.792

When I open an untorified ICMP connection to 1.2.3.4 5.419

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.088

Hooks

After features/support/hooks.rb:535 0.210

After features/support/hooks.rb:339 0.713

After features/support/hooks.rb:108 0.000

Tags: @product

18.521

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.024

Steps

Given I have started Tails from DVD without network and logged in 7.722

And the system DNS is using the local DNS resolver 0.006

And the network is plugged 0.022

And I successfully configure Tor 10.758

Then the system DNS is still using the local DNS resolver 0.011

Hooks

After features/support/hooks.rb:339 0.736

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	2:0.109	Passed

Feature Report