Is there a way to set up the TC so that its firewall silently ignores anything unauthorized, like a normal firewall does?
Sorry, but no. This is not a feature of the Apple routers. If this is important to you, I would recommend that you use a router that offers this feature, like those provided by Cisco.
Interestingly, Apple provides this feature on their Macs, but not their routers.
I found a temporary work-around. Under "Network > Network Options", there is an option to "Enable default host at:". I'm guessing that this would be the DMZ host. If I enable that and provide an internal IP address outside of the DHCP range, then unathorized accesses are routed to this nonexistant machine.
My worry there is that now, all unathorized accesses will turn into extra traffic on my internal network, broadcasting on my wireless, etc. (because the switches don't know the route to the host, they have no choice but to send out on every leg of the network).
So I'm hoping we can find a proper solution to this.