VueScan-Mint-Firewall-Fix/README.md

✅ Fixed: VueScan Can't Detect Brother Network Scanners on Linux Mint 22.1 — "ICMP admin prohibited filter" Solved

Body:

# Solved: VueScan Cannot Detect Brother Network Scanners on Linux Mint 22.1 / Ubuntu 24.04

## ✅ TL;DR
If VueScan doesn’t detect your Brother network scanners unless your firewall is disabled, the issue is likely caused by firewalld zone policies silently rejecting traffic.

**Fix:** Move your network interface into the `trusted` zone.

---

## 🔧 Background

- **OS:** Linux Mint 22.1 “Xia” (Ubuntu 24.04 base)
- **Scanner:** Brother MFC and similar network models
- **Software:** VueScan
- **Firewall:** firewalld (nftables backend)

---

## 🐛 The Problem

Even with the correct ports open and Brother drivers installed, VueScan couldn’t see the scanner.

Running `tcpdump` showed:

ICMP host <hostname> unreachable - admin prohibited filter


Despite:
- Opening all documented Brother ports (UDP 54925, TCP 54926)
- Adding direct rules, rich rules, and nftables manual rules

VueScan still couldn’t discover any scanners.

---

## 🧠 Root Cause

Firewalld’s zone chain system (e.g., `filter_OUTPUT_POLICIES`, `filter_OUT_home`) overrides direct rules unless placed in the exact right spot. Traffic was still being rejected in a deep subchain.

---

## ✅ The Fix

Move your interface to the trusted zone to allow discovery without disabling the firewall.

```bash
sudo firewall-cmd --zone=trusted --change-interface=eno1 --permanent
sudo firewall-cmd --reload

    Replace eno1 with your actual network interface (use ip a to check)

Then verify:

sudo firewall-cmd --get-active-zones

🎉 Result

VueScan now detects all Brother scanners on the network — no reboots required.
🔐 Security Note

This is safe if you're on a trusted home network behind a router. If you need more fine-grained access, you can create a custom firewalld zone to only allow specific IPs and ports.