I assume that your pf(4) is enabled during these tests, you have "scrub" statements in the ruleset and removing "scrub" will restore the expected behaviour on 10.x?
I am slightly amused that on 9.x with "scrub" you're getting the expected behaviour, because clearing FIN bit for SYN packets was the standard behaviour of pf since approximately at least 10 years, http://svnweb.freebsd.org/base/vendor-sys/pf/dist/sys/contrib/pf/net/pf_norm.c?view=markup&pathrev=126258#l1242 Can you show relevant parts of the pf.conf from both machines and output from 'pfctl -s rules' if you are sure that both machines are configured identically pf-wise? Thanks! -- Eygene Ryabinkin ,,,^..^,,, [ Life's unfair - but root password helps! | codelabs.ru ] [ 82FE 06BC D497 C0DE 49EC 4FF0 16AF 9EAE 8152 ECFB | freebsd.org ]
pgp7L6NbFZgXc.pgp
Description: PGP signature
