by alphazard
1247 days ago
It should be possible for every device on the internet to easily communicate with every other device. A silver lining of the poor designs of the past is that it is practically very difficult to attack services listening on private network addresses. This difficulty also makes it hard to do useful things. IPv6 is a step in the right direction, but the resolution to security issues can't be more firewalls or more network equipment. It has to start with operating systems. It is completely ridiculous that applications have access to the network and most of the filesystem by default. Operating systems need to give limited access to the filesystem and other services so that a compromised service isn't a big deal. A successful attacker doesn't own the whole system. They owned a poorly written application and the small sandbox that it's in. This is an obvious idea to most engineers, but neither Windows nor macOS get this right out of the box. The iPhone's sandboxing model and fine-grained permissions are way ahead here, but there is still more improvement to be had. And then there's the issue of most applications not requiring network access in the first place. There is no reason for Word, Photoshop, Blender, etc. to ever need access to the network. A firewall that only administrators can manipulate is also not a solution; that has to be in the users' hands as well. Reasoning about a global table of rules is the wrong UX.