In Whonix design: Even if both firewalls in Whonix-Workstation and on Whonix-Gateway are disabled/failing to load, Whonix is still leak-proof. Still no clearnet leaks possible. Whonix-Workstation still won’t be able to connect to clearnet. Whonix-Workstation still won’t be able to bypass the Tor network. Applications inside Whonix-Workstation still have no way to determine the real external IP address. References:
- purpose of Whonix-Workstation firewall: https://www.whonix.org/wiki/Whonix-Workstation_Firewall#Purpose
- This is also kinda like asking, “How secure is Whonix?” See Whonix Security Overview
- For the technical details how that is implemented, see chapter With more technical terms.
For reference, the wiki page which this is about: