123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 |
- @product
- Feature: The Tor enforcement is effective
- As a Tails user
- I want all direct Internet connections I do by mistake or applications do by misconfiguration or buggy leaks to be blocked
- And as a Tails developer
- I want to ensure that the automated test suite detects firewall leaks reliably
- Scenario: The firewall configuration is very restrictive
- Given I have started Tails from DVD and logged in and the network is connected
- Then the firewall's policy is to drop all IPv4 traffic
- And the firewall is configured to only allow the clearnet and debian-tor users to connect directly to the Internet over IPv4
- And the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort
- And the firewall is configured to block all external IPv6 traffic
- @fragile
- Scenario: Anti test: Detecting TCP leaks from the Unsafe Browser with the firewall leak detector
- Given I have started Tails from DVD and logged in and the network is connected
- And I capture all network traffic
- When I successfully start the Unsafe Browser
- And I open Tails homepage in the Unsafe Browser
- And Tails homepage loads in the Unsafe Browser
- Then the firewall leak detector has detected leaks
- Scenario: Anti test: Detecting TCP leaks of DNS lookups with the firewall leak detector
- Given I have started Tails from DVD and logged in and the network is connected
- And I capture all network traffic
- And I disable Tails' firewall
- When I do a TCP DNS lookup of "torproject.org"
- Then the firewall leak detector has detected leaks
- Scenario: Anti test: Detecting UDP leaks of DNS lookups with the firewall leak detector
- Given I have started Tails from DVD and logged in and the network is connected
- And I capture all network traffic
- And I disable Tails' firewall
- When I do a UDP DNS lookup of "torproject.org"
- Then the firewall leak detector has detected leaks
- Scenario: Anti test: Detecting ICMP leaks of ping with the firewall leak detector
- Given I have started Tails from DVD and logged in and the network is connected
- And I capture all network traffic
- And I disable Tails' firewall
- When I send some ICMP pings
- Then the firewall leak detector has detected leaks
- @check_tor_leaks
- Scenario: The Tor enforcement is effective at blocking untorified TCP connection attempts
- Given I have started Tails from DVD and logged in and the network is connected
- When I open an untorified TCP connections to 1.2.3.4 on port 42 that is expected to fail
- Then the untorified connection fails
- And the untorified connection is logged as dropped by the firewall
- @check_tor_leaks
- Scenario: The Tor enforcement is effective at blocking untorified UDP connection attempts
- Given I have started Tails from DVD and logged in and the network is connected
- When I open an untorified UDP connections to 1.2.3.4 on port 42 that is expected to fail
- Then the untorified connection fails
- And the untorified connection is logged as dropped by the firewall
- @check_tor_leaks @fragile
- Scenario: The Tor enforcement is effective at blocking untorified ICMP connection attempts
- Given I have started Tails from DVD and logged in and the network is connected
- When I open an untorified ICMP connections to 1.2.3.4 that is expected to fail
- Then the untorified connection fails
- And the untorified connection is logged as dropped by the firewall
- Scenario: The system DNS is always set up to use Tor's DNSPort
- Given I have started Tails from DVD without network and logged in
- And the system DNS is using the local DNS resolver
- And the network is plugged
- And Tor is ready
- Then the system DNS is still using the local DNS resolver
|