I think inbound protecton is something that should be rated just like the leaktests are. All known exploits tested against each firewall. I am sure such a website will emerge just as the leaktest websites have. I have contacted Melih of COMODO and although the current help file for CFP does not go into in-depth details of the inbound protection such as ARP filtering, they are working on an "under the hood kind of manual" that I look forward to. I think all software firewall developers should do this.