✅ Fixed: VueScan Can't Detect Brother Network Scanners on Linux Mint 22.1 — "ICMP admin prohibited filter" Solved Body: # Solved: VueScan Cannot Detect Brother Network Scanners on Linux Mint 22.1 / Ubuntu 24.04 ## ✅ TL;DR If VueScan doesn’t detect your Brother network scanners unless your firewall is disabled, the issue is likely caused by firewalld zone policies silently rejecting traffic. **Fix:** Move your network interface into the `trusted` zone. --- ## 🔧 Background - **OS:** Linux Mint 22.1 “Xia” (Ubuntu 24.04 base) - **Scanner:** Brother MFC and similar network models - **Software:** VueScan - **Firewall:** firewalld (nftables backend) --- ## 🐛 The Problem Even with the correct ports open and Brother drivers installed, VueScan couldn’t see the scanner. Running `tcpdump` showed: ICMP host unreachable - admin prohibited filter Despite: - Opening all documented Brother ports (UDP 54925, TCP 54926) - Adding direct rules, rich rules, and nftables manual rules VueScan still couldn’t discover any scanners. --- ## 🧠 Root Cause Firewalld’s zone chain system (e.g., `filter_OUTPUT_POLICIES`, `filter_OUT_home`) overrides direct rules unless placed in the exact right spot. Traffic was still being rejected in a deep subchain. --- ## ✅ The Fix Move your interface to the trusted zone to allow discovery without disabling the firewall. ```bash sudo firewall-cmd --zone=trusted --change-interface=eno1 --permanent sudo firewall-cmd --reload Replace eno1 with your actual network interface (use ip a to check) Then verify: sudo firewall-cmd --get-active-zones 🎉 Result VueScan now detects all Brother scanners on the network — no reboots required. 🔐 Security Note This is safe if you're on a trusted home network behind a router. If you need more fine-grained access, you can create a custom firewalld zone to only allow specific IPs and ports.