[BrianGragg]

Leaned on heavily to protect cheap IOT devices. Could you imagine the bot armies if every IOT device was NOT behind a NAT?

[Zen1th]

NAT shouldn't be used as a replacement for a firewall. So the answer was always to set up a firewall.

[briffle]

NAT is not a firewall. NAT is a 'hack' that some firewalls use. My university only used routable IP addresses, but due to the wonders of firewalls, you could not connect to the HP printers in the library over the internet. Even though it had a routable IP.

[throw0101b]

> Could you imagine the bot armies if every IOT device was NOT behind a NAT?

Why? Firewalls have been around since before 1994, when Cheswick and Bellovin literally published the book on firewalls:

* https://en.wikipedia.org/wiki/Firewalls_and_Internet_Securit...

[Dalewyn]

The virtues of NAT lie more in their nature of being blanket blacklist firewalls by default.

This can indeed be replaced with firewalls on each IPv6 client, but you have to concede that just putting a router between your computer and modem adds a ton of security for very little effort or know-how.

But NAT in itself is a workaround for IPv4 limitations with significant problems, which has become permanent because there's nothing as permanent as temporary solutions.

[Symbiote]

Every IPv6 router for home or small business use is initially configured with a default-deny firewall. The same for every router supplied by an ISP.

This is so basic that any argument against it needs some strong evidence.

You can search "IPv6 pinhole" and find plenty of documentation from router manufacturers and ISPs on this.