by jherico 1486 days ago
I don't think it's just an OS issue, because people often want promiscuity within their home network, but want a moat and drawbridge keeping the rest of the world from that network. There's too much value in home / office situations where you want discoverability enabled, but only to other devices behind your gateway to the internet at large.

Not only that, but you don't need your OS handling and selectively allowing or dropping every random packet thrown at your IP either. You don't want to even have to worry about an OS inadvertently revealing info about your devices because of how they're accepting/dropping packets or screwing that up and letting in things it shouldn't. You can offload all that work to your gateway and free up your devices to only handle the traffic that they actually care about.

You can still have a DMZ, servers, and devices directly connected to the internet, but a gateway with a stateful firewall is a wonderful thing, and your typical gateway with NAT helps make things dead simple, solving far more problems than it causes.

Personally, I’d prefer not to have this isolation. I’d rather be able to access my home computer, printer, and other devices from anywhere in the world, not just when I’m at home. Moats and drawbridges are an anachronism from the Middle Ages.
Right, but you don't want anyone in the world to have access to your home computer and printer, right?

You're talking about a different problem: How can I extend the concept of my "home network" to the devices that I use and trust regardless of where I am? I'd argue that this is something that suggests that VPN functionality should get built into gateway devices.

Regardless, I don't want scammers in Malaysia port-scanning my 10 year old printer that's never going to get a security update.
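As an added example (not part of the thread, and not any commenter's configuration), this is what the gateway described in the two comments above looks like as an nftables ruleset: a stateful firewall that masquerades outbound traffic, admits inbound from the internet only when it belongs to a flow a device behind the gateway initiated, and exposes a single VPN endpoint on the gateway so trusted devices can rejoin the "home network" from elsewhere. Interface names (eth0 for WAN, br0 for LAN, wg0 for a WireGuard tunnel) and the VPN port 51820 are assumptions for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example ruleset, not from the original thread.
# Assumed layout: eth0 = WAN, br0 = LAN bridge, wg0 = WireGuard VPN, VPN on UDP 51820.
flush ruleset

table inet gateway {
    chain input {
        type filter hook input priority filter; policy drop;

        # Replies to flows the gateway itself started; drop anything conntrack can't classify.
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # Devices behind the gateway (and VPN clients) may talk to the gateway (DHCP, DNS, admin).
        iifname { "br0", "wg0" } accept

        # The only unsolicited traffic accepted from the internet: the VPN endpoint.
        iifname "eth0" udp dport 51820 accept

        # Minimal ICMPv6 needed for IPv6 to function on the WAN side.
        iifname "eth0" icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request } accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Inbound from the WAN is forwarded only as a reply to an inside-initiated flow.
        ct state established,related accept
        ct state invalid drop

        # LAN and VPN clients may reach each other and the internet; discovery stays inside.
        iifname { "br0", "wg0" } oifname { "br0", "wg0", "eth0" } accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Hide the private LAN/VPN addresses behind the gateway's public address.
        oifname "eth0" masquerade
    }
}
```

The default-drop policies on both chains are the "moat": a port scan from the internet sees nothing but the VPN port, the ten-year-old printer is reachable only from br0 or wg0, and the per-device firewalls need only handle traffic the gateway has already admitted. Load it with `nft -f` and inspect the result with `nft list ruleset`.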

I want anyone in the world to have access to my home computer and printer when I authorize it. Right now, to do that I have to configure my router as well as my operating system to allow it. But what if I'm not at home? I might be on someone else's network. Now I am at their mercy to configure the router so that my computer is accessible. In all likelihood, they will refuse to help me.
You're talking about widening your attack surface as wide as physically possible (no virtual devices yet). Now you need to ensure every device that can see the internet is perfectly impenetrable. How feasible do you think that is?
Think doors and keys then. Or "smart locks" and "biometric scanners" if that's still not modern enough for you. There's a cost to convenience. Yeah, it'd be really convenient if your house didn't have any walls, you could just walk into any room from anywhere else. But so could any untrusted party.

Bugs and therefore vulnerabilities are inevitable. The larger your attack surface, the more likely some rando is to find a vulnerability and exploit it. No walls is real convenient up until someone unexpected walks right in and trashes the place.