Firewall Blocks Printer

The printer works fine with firewalld stopped, but gets blocked when enabled:

erlangen:~ # LANG=C lpstat -t
scheduler is running
system default destination: Brother_MFC-255CW
device for Brother_MFC-255CW: dnssd://Brother%20MFC-255CW._pdl-datastream._tcp.local/
Brother_MFC-255CW accepting requests since Mon Nov 11 19:51:08 2019
printer Brother_MFC-255CW now printing Brother_MFC-255CW-12.  enabled since Mon Nov 11 19:51:08 2019
        Der Drucker kann nicht lokalisiert werden
Brother_MFC-255CW-12    karl              1024   Mon Nov 11 19:26:27 2019
erlangen:~ # 

Firewall settings are:

erlangen:~ # firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s31f6
  sources: 
  services: dhcpv6-client http minidlna
  ports: 8200/tcp **137/udp** **161/udp**
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

erlangen:~ # 

Any idea?

Yes,
When setting up a network printer, you have to determine the protocol used (There are several possibilities) for that printer and open up the required ports

You can look up the ports you describe in any IANA assigned ports table and determine that the ports you have open now are for NetBIOS (typically Windows/CIFS shares), SNMP (? possible but in a tiny network not that common) and a port above 1024 which can be anything but unlikely for a standard protocol like what your printer would use.

TSU

As you’re relying on the DNS-SD backend, I would make sure mdns/dns-sd is allowed in the firewall…

sudo firewall-cmd --permanent --add-service=mdns
sudo firewall-cmd --reload

Sorry: You must spread some Reputation around before giving it to deano_ferrari again.

All good. Glad to have been of assistance.