Cucumber Reports (no 6472) - Feature: The Tor enforcement is effective

Project	Number	Date
test_Tails_ISO_stable	6472	26 Jun 2026, 11:45

	Steps	Scenarios	Features
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:55.360	Passed

Tags: @product

Feature The Tor enforcement is effective

As a Tails user I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked And as a Tails developer I want to ensure that the automated test suite detects firewall leaks reliably

Tags: @product

11.738

Scenario The firewall configuration is very restrictive

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.004

Steps

Given I have started Tails from DVD and logged in and the network is connected 11.417

Then the firewall's policy is to drop all IPv4 traffic 0.063

And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4 0.140

And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort 0.068

And the firewall is configured to block all external IPv6 traffic 0.049

Hooks

After features/support/hooks.rb:339 1.006

After features/support/hooks.rb:108 0.000

Tags: @product @doc

24.674

Scenario Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.003

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.059

And I capture all network traffic 0.004

When I successfully start the Unsafe Browser 7.012

And I open the Tails homepage in the Unsafe Browser 7.100

And the Tails homepage loads in the Unsafe Browser 0.336

Then the firewall leak detector has detected leaks 0.161

Hooks

After features/support/hooks.rb:339 0.611

After features/support/hooks.rb:108 0.062

Tags: @product

10.772

Scenario Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.019

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.201

And I capture all network traffic 0.005

And I disable Tails' firewall 0.146

When I do a TCP DNS lookup of "torproject.org" 0.295

Then the firewall leak detector has detected leaks 0.124

Hooks

After features/support/hooks.rb:339 1.131

After features/support/hooks.rb:108 0.066

Tags: @product

11.126

Scenario Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.006

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.022

And I capture all network traffic 0.004

And I disable Tails' firewall 0.169

When I do a UDP DNS lookup of "torproject.org" 0.781

Then the firewall leak detector has detected leaks 0.147

Hooks

After features/support/hooks.rb:339 0.929

After features/support/hooks.rb:108 0.061

Tags: @product

14.483

Scenario Anti test: Detecting ICMP leaks of ping with the firewall leak detector

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.006

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.147

And I capture all network traffic 0.005

And I disable Tails' firewall 0.119

When I send some ICMP pings 4.077

Then the firewall leak detector has detected leaks 0.133

Hooks

After features/support/hooks.rb:339 0.777

After features/support/hooks.rb:108 0.038

Tags: @product @check_tor_leaks

10.403

Scenario The Tor enforcement is effective at blocking untorified UDP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.004

Before features/support/hooks.rb:527 0.002

Steps

Given I have started Tails from DVD and logged in and the network is connected 10.022

When I open an untorified UDP connection to 1.2.3.4 on port 42 0.245

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.136

Hooks

After features/support/hooks.rb:535 0.387

After features/support/hooks.rb:339 1.080

After features/support/hooks.rb:108 0.000

Tags: @product @check_tor_leaks

15.339

Scenario The Tor enforcement is effective at blocking untorified ICMP connection attempts

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.004

Before features/support/hooks.rb:527 0.002

Steps

Given I have started Tails from DVD and logged in and the network is connected 9.815

When I open an untorified ICMP connection to 1.2.3.4 5.446

Then the untorified connection fails 0.000

And the untorified connection is logged as dropped by the firewall 0.077

Hooks

After features/support/hooks.rb:535 0.293

After features/support/hooks.rb:339 0.626

After features/support/hooks.rb:108 0.000

Tags: @product

16.821

Scenario The system DNS is always set up to use Tor's DNSPort

Hooks

Before features/support/hooks.rb:274 0.000

Before features/support/hooks.rb:281 0.003

Steps

Given I have started Tails from DVD without network and logged in 6.720

And the system DNS is using the local DNS resolver 0.005

And the network is plugged 0.015

And I successfully configure Tor 10.074

Then the system DNS is still using the local DNS resolver 0.005

Hooks

After features/support/hooks.rb:339 0.953

After features/support/hooks.rb:108 0.000

	Steps						Scenarios			Features
Feature	Passed	Failed	Skipped	Pending	Undefined	Total	Passed	Failed	Total	Duration	Status
The Tor enforcement is effective	39	0	0	0	0	39	8	0	8	1:55.360	Passed

Feature Report