Yeah, talk about embarrassing. If it were a *real* switch (say, a 2960/4948) then I'd have known offhand that something was wrong. This is home infra, though, so I'm using a cheapest OEM Allied Telesis quasi-managed switch that gets a tad confused sometimes.
That link-local address on the WAN interface threw me for a bit, too. If you execute "ifconfig -a" via exec.php, you'll see that gif0 has two addresses assigned -- the first is the local, the second is the real one. If I had to guess, I'd say that the GUI interface display is only picking up the first address and displaying just that.
Anyway ... thanks again. Now I need to put a bunch of ACLs in place.