I was thinking that a home network that is not behind a router may be vulnerable to a spoofed IP header attack. IF CFP defines the home network IP range as trusted, an IP packet arriving at the firewall with a spoofed header that id’s it as from the trusted range would pass through, not so? Is there any distinction between computer-computer LAN connections and computer-modem connections that CFP uses to distinguish such packets as from outside the LAN?