>	my `router' has four interfaces:
>
>		- ep0, connected to MediaOne as a `host'
>		- ex0, connected to my home ethernet
>		- wl0, connected to my home wireless net
>		- ppp0, a tunnel endpoint.
>			(for a PPP-over-SSH tunnel to my employer's net,
>			 which goes out over ep0...)
>
>	ep0 should be a `strong host' interface; i don't want someone
>	to be able to forge traffic into my home LANs just because
>	they know the external address of my router..

ep0 should not be a "strong host" interface (at least according to my
understanding of the definition that's evolved here), but instead a
"strong router" interface.  and the stuff that you want to block
should probably be filtered...

...oh wait.  you're using a cable modem with nat, right?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."