Brother Network-Scanner on Linux with a Firewall in between

Well... Brother printers and scanners can be tricky to get working under Linux because they often use or need their own drivers. Now put a firewall in between and you are ready for some fun... . Yayyy... . I got it to work and documented my way of doing it, so you don't have to 😞. I used ufw with gufw as the frontend. This should work on all firewall's by just replacing the steps in there configuration.

1. Install "Gufw"
2. Go to "Rules", press the "+"-Button, Select "Preconfigured" and find "CUPS", "SANE-Scanner" and if it's still there "SANE-Manual".
3. Make sure to install "sane" and start/enable it.
4. Make sure you have "brscan" installed. There are multiple versions of it, make sure to check which one Brother offers you on there website for your printer. For me it was "brscan4". If you use Arch they are also in the AUR.
5. Make sure you have "sane-airscan" installed.
6. Everything should be working now, right? Wrong! The printer/scanner, after being found and "ping'd" (asked to create a connection) by Sane, will answer back, but separately, which will be blocked by a securely configured firewall. You need to make sure that Sane opens a connection to the printer/scanner DIRECTLY by adding it manually. Normally the IP of a printer/scanner should be static, if you're using DHCP for it's IP, this will need to be updated regularly. You could also just add the printers IP to your firewall and allow it, but that would compromise security BY A LOT. With that out of the way, here is how to manually configure the scanner:

   sudo brsaneconfig4 -a name=MFC_L1234N model=MFC-L1234N ip=192.168.178.63

   -"brsaneconfig4" needs to be your verion (2, 3, 4, 5, ...)
   -"name" can by anything you want (don't use spaces or special characters for your own sanity)
   -"model" Must be your exact model number (With "-" and "_").
   -"ip" must be the IP of your printer/scanner. To find out what IP it has, you can use the WebUI of it, look in the settings if it has a display or disable your firewall, use "scanimage -L" to find it and then re-enable the firewall.

Now, when you launch your favourite scanning tool, such as Simple-Scan, you should see the scanner and sould be able to scan documents with it.

I hope I could help you!

Sources:

• https://wiki.archlinux.org/title/SANE/Scanner-specific_problems
• https://wiki.archlinux.org/title/Sane
• https://wiki.archlinux.org/title/Uncomplicated_Firewall
• https://wiki.ubuntuusers.de/Simple_Scan/
• https://wiki.ubuntuusers.de/SANE-Scanserver_im_Netzwerk/
• https://man.archlinux.org/man/sane-airscan.5.de
• https://www.brother.de/support/treiber
• https://security.stackexchange.com/questions/184323/how-should-firewall-be-configured-to-allow-using-an-image-scanner-over-wifi-to-a