> For the complete documentation index, see [llms.txt](https://documentation.hak5.org/wifi-pineapple-pager/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://documentation.hak5.org/wifi-pineapple-pager/connecting-to-the-wifi-pineapple-pager/firewall.md).
# Firewall
By default, the Pineapple Pager has a firewall which limits access to the admin interfaces (SSH and the Virtual Pager) to connections made via the *USB-C* and *Management Wifi* (if configured) networks.
### Why is there a firewall?
The management interface firewall is in place for three main reasons:
1. To protect access to your device. When connected in client mode, or when capturing clients via the Pineapple access points, you may not wish to allow any connections from other devices on the network.
2. To help remain hidden. Making the Virtual Pager easily discoverable to clients on the open network is an easy loss to stealth!
3. To protect access to your device! Thanks to the mess caused by self-signed SSL certificates, meaningfully protecting the Virtual Pager interface with `https` is essentially impossible. Accessing your virtual pager over `http` from an unprotected network can expose your admin password.
### Turning off the firewall
Hak5 *strongly believes* that *you own your device* and can make your own decisions about security. While we *don’t recommend* disabling the firewall, you certainly can.
To disable the firewall, make the following change in `/etc/config/firewall`:
```none
config include
option name 'hak5admin'
option hak5ver '100'
option type 'script'
option path '/etc/firewall.d/admin'
option enabled '1'
```
To:
```none
config include
option name 'hak5admin'
option hak5ver '100'
option type 'script'
option path '/etc/firewall.d/admin'
option enabled '0'
```
Then restart the firewall with the command:
```none
fw4 restart
```
{% hint style="info" %}
The `fw4` command will print warnings about ignored values in the configuration file. This is normal! The Pager uses these placeholder version values to help when applying firmware updates. Most tools ignore these extra values, but `fw4` likes to complain.
{% endhint %}
{% hint style="warning" %}
If you have disabled the admin firewall, *you must ensure that your root/admin password is strong* and *you should never log into the Virtual Pager from an untrusted network*, such as the Pineapple Open access point (open networks have no encryption) or from an untrusted network you are a client of (such as a conference network, hotel network, or other network that you have connected to in client mode).
{% endhint %}
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://documentation.hak5.org/wifi-pineapple-pager/connecting-to-the-wifi-pineapple-pager/firewall.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.