Cucumber Reports (no 6471) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6471	25 Jun 2026, 11:30

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:56.296	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.526

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.003

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.193

Then the firewall's policy is to drop all IPv4 traffic 0.053

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.180

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.049

And the firewall is configured to block all external IPv6 traffic 0.048

Hooks

After features/support/hooks.rb:339 0.771

After features/support/hooks.rb:108 0.000

Tags: @product @doc

24.206

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.014

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.030

And I capture all network traffic 0.005

When I successfully start the Unsafe Browser 6.598

And I open the Tails homepage in the Unsafe Browser 7.117

And the Tails homepage loads in the Unsafe Browser 0.306

Then the firewall leak detector has detected leaks 0.148

Hooks

After features/support/hooks.rb:339 1.252

After features/support/hooks.rb:108 0.039

Tags: @product

10.465

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.003

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.983

And I capture all network traffic 0.006

And I disable Tails' firewall 0.143

When I do a TCP DNS lookup of "torproject.org" 0.204

Then the firewall leak detector has detected leaks 0.127

Hooks

After features/support/hooks.rb:339 0.711

After features/support/hooks.rb:108 0.047

Tags: @product

11.425

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.003

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.267

And I capture all network traffic 0.003

And I disable Tails' firewall 0.116

When I do a UDP DNS lookup of "torproject.org" 0.877

Then the firewall leak detector has detected leaks 0.160

Hooks

After features/support/hooks.rb:339 0.755

After features/support/hooks.rb:108 0.043

Tags: @product

14.237

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.003

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.837

And I capture all network traffic 0.004

And I disable Tails' firewall 0.134

When I send some ICMP pings 4.074

Then the firewall leak detector has detected leaks 0.186

Hooks

After features/support/hooks.rb:339 1.182

After features/support/hooks.rb:108 0.065

Tags: @product @check_tor_leaks

10.655

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.020

Before features/support/hooks.rb:527 0.005

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.365

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.211

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.078

Hooks

After features/support/hooks.rb:535 0.256

After features/support/hooks.rb:339 0.813

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.386

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.003

Before features/support/hooks.rb:527 0.001

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.943

When I open an untorified ICMP connection to 1.2.3.4 5.356

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.086

Hooks

After features/support/hooks.rb:535 0.306

After features/support/hooks.rb:339 1.119

After features/support/hooks.rb:108 0.000

Tags: @product

18.392

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.003

Steps

Given I have started Tails from DVD without network and logged in 6.779

And the system DNS is using the local DNS resolver 0.010

And the network is plugged 0.021

And I successfully configure Tor 11.574

Then the system DNS is still using the local DNS resolver 0.006

Hooks

After features/support/hooks.rb:339 0.912

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:56.296	Passed

Feature Report