Cucumber Reports (no 6463) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6463	18 Jun 2026, 16:21

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:57.637	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

12.257

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.027

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.894

Then the firewall's policy is to drop all IPv4 traffic 0.061

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.177

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.058

And the firewall is configured to block all external IPv6 traffic 0.065

Hooks

After features/support/hooks.rb:339 0.950

After features/support/hooks.rb:108 0.000

Tags: @product @doc

25.649

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.023

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.383

And I capture all network traffic 0.029

When I successfully start the Unsafe Browser 7.129

And I open the Tails homepage in the Unsafe Browser 7.378

And the Tails homepage loads in the Unsafe Browser 0.311

Then the firewall leak detector has detected leaks 0.417

Hooks

After features/support/hooks.rb:339 0.587

After features/support/hooks.rb:108 0.050

Tags: @product

10.844

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.040

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.388

And I capture all network traffic 0.022

And I disable Tails' firewall 0.109

When I do a TCP DNS lookup of "torproject.org" 0.266

Then the firewall leak detector has detected leaks 0.057

Hooks

After features/support/hooks.rb:339 0.909

After features/support/hooks.rb:108 0.061

Tags: @product

10.738

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.036

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.272

And I capture all network traffic 0.081

And I disable Tails' firewall 0.150

When I do a UDP DNS lookup of "torproject.org" 0.193

Then the firewall leak detector has detected leaks 0.040

Hooks

After features/support/hooks.rb:339 0.971

After features/support/hooks.rb:108 0.042

Tags: @product

14.732

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.454

And I capture all network traffic 0.023

And I disable Tails' firewall 0.104

When I send some ICMP pings 4.094

Then the firewall leak detector has detected leaks 0.054

Hooks

After features/support/hooks.rb:339 0.981

After features/support/hooks.rb:108 0.055

Tags: @product @check_tor_leaks

10.750

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.022

Before features/support/hooks.rb:527 0.022

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.392

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.279

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.077

Hooks

After features/support/hooks.rb:535 0.194

After features/support/hooks.rb:339 0.783

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.643

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.022

Before features/support/hooks.rb:527 0.026

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.183

When I open an untorified ICMP connection to 1.2.3.4 5.384

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.076

Hooks

After features/support/hooks.rb:535 0.180

After features/support/hooks.rb:339 0.956

After features/support/hooks.rb:108 0.000

Tags: @product

17.020

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.021

Steps

Given I have started Tails from DVD without network and logged in 7.144

And the system DNS is using the local DNS resolver 0.005

And the network is plugged 0.028

And I successfully configure Tor 9.835

Then the system DNS is still using the local DNS resolver 0.006

Hooks

After features/support/hooks.rb:339 0.817

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:57.637	Passed

Feature Report