| blob | 4e6dc24f4db70240aa49dc21fc378cc24afa5b51 |
1 @product
2 Feature: The Tor enforcement is effective
3 As a Tails user
4 I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked
5 And as a Tails developer
6 I want to ensure that the automated test suite detects firewall leaks reliably
8 Scenario: The firewall configuration is very restrictive
9 Given I have started Tails from DVD and logged in and the network is connected
10 Then the firewall's policy is to drop all IPv4 traffic
11 And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4
12 And the firewall's NAT rules only redirect traffic for the Unsafe Browser, Tor's TransPort, and DNSPort
13 And the firewall is configured to block all external IPv6 traffic
15 Scenario: Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector
16 Given I have started Tails from DVD and logged in and the network is connected
17 And I capture all network traffic
18 When I successfully start the Unsafe Browser
19 And I open the Tails homepage in the Unsafe Browser
20 And the Tails homepage loads in the Unsafe Browser
21 Then the firewall leak detector has detected leaks
23 Scenario: Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector
24 Given I have started Tails from DVD and logged in and the network is connected
25 And I capture all network traffic
26 And I disable Tails' firewall
27 When I do a TCP DNS lookup of "torproject.org"
28 Then the firewall leak detector has detected leaks
30 Scenario: Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector
31 Given I have started Tails from DVD and logged in and the network is connected
32 And I capture all network traffic
33 And I disable Tails' firewall
34 When I do a UDP DNS lookup of "torproject.org"
35 Then the firewall leak detector has detected leaks
37 Scenario: Anti test: Detecting ICMP leaks of ping with the firewall leak detector
38 Given I have started Tails from DVD and logged in and the network is connected
39 And I capture all network traffic
40 And I disable Tails' firewall
41 When I send some ICMP pings
42 Then the firewall leak detector has detected leaks
44 @check_tor_leaks
45 Scenario: The Tor enforcement is effective at blocking untorified TCP connection attempts
46 Given I have started Tails from DVD and logged in and the network is connected
47 When I open an untorified TCP connection to 1.2.3.4 on port 42
48 Then the untorified connection fails
49 And the untorified connection is logged as dropped by the firewall
51 @check_tor_leaks
52 Scenario: The Tor enforcement is effective at blocking untorified UDP connection attempts
53 Given I have started Tails from DVD and logged in and the network is connected
54 When I open an untorified UDP connection to 1.2.3.4 on port 42
55 Then the untorified connection fails
56 And the untorified connection is logged as dropped by the firewall
58 @check_tor_leaks
59 Scenario: The Tor enforcement is effective at blocking untorified ICMP connection attempts
60 Given I have started Tails from DVD and logged in and the network is connected
61 When I open an untorified ICMP connection to 1.2.3.4
62 Then the untorified connection fails
63 And the untorified connection is logged as dropped by the firewall
65 Scenario: The system DNS is always set up to use Tor's DNSPort
66 Given I have started Tails from DVD without network and logged in
67 And the system DNS is using the local DNS resolver
68 And the network is plugged
69 And I successfully configure Tor
70 Then the system DNS is still using the local DNS resolver