By default, the Pineapple Pager has a firewall which limits access to the admin interfaces (SSH and the Virtual Pager) to connections made via the USB-C and Management Wifi (if configured) networks.

Why is there a firewall?

The management interface firewall is in place for three main reasons:

  1. To protect access to your device. When connected in client mode, or when capturing clients via the Pineapple access points, you may not wish to allow any connections from other devices on the network.
  2. To help remain hidden. Making the Virtual Pager easily discoverable to clients on the open network is an easy loss to stealth!
  3. To protect access to your device! Thanks to the mess caused by self-signed SSL certificates, meaningfully protecting the Virtual Pager interface with https is essentially impossible. Accessing your virtual pager over http from an unprotected network can expose your admin password.

Turning off the firewall

Hak5 strongly believes that you own your device and can make your own decisions about security. While we don’t recommend disabling the firewall, you certainly can.

To disable the firewall, make the following change in /etc/config/firewall:

  config include
        option name 'hak5admin'
        option hak5ver '100'
        option type 'script'
        option path '/etc/firewall.d/admin'
        option enabled '1'

To:

  config include
        option name 'hak5admin'
        option hak5ver '100'
        option type 'script'
        option path '/etc/firewall.d/admin'
        option enabled '0'

Then restart the firewall with the command:

  fw4 restart