by justsomehnguy 1059 days ago
> I worry about the loss of the implicit firewall that NAT offers.

... NAT does not offer an 'implicit firewall'.

It's just that an Average Hacker somewhere on the net can't route easily into your local network. If this is no longer an Average Hacker, or he is sitting on your wire, then the only thing that your NAT 'offers' is your false sense of security.

And by the way, nobody, no one forbade you from having explicit firewall rules denying anything from anywhere, not explicitly allowed. Just like it is done in a proper IPv4 configuration.

1 comments

> And by the way, nobody, no one forbade you from having explicit firewall rules denying anything from anywhere, not explicitly allowed. Just like it is done in a proper IPv4 configuration.

Sure, in a perfect world, migrating to IPv6 should be safe, but the default configuration on many ISP-supplied routers has no firewalling beyond what NAT offers.

Which is nothing. NAT offers zero firewalling.

I won't say there aren't ISP routers without firewalling, but for the most part they're pretty decent at having it. It's just that the firewalling is a completely separate thing to NAT.
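
Added example, not part of any comment in this thread: a default-deny stateful ruleset of the kind the comments describe, written for nftables on a Linux router that forwards IPv6 with no NAT at all. The interface names `wan0` and `lan0` and the choice to let LAN hosts reach the router freely are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example. Interface names "wan0" (uplink) and "lan0" (home network)
# are assumptions; adjust them to the router in question.
# No NAT appears anywhere below: the filtering is done by connection tracking.

table inet filter {
    chain forward {
        # Traffic routed through the box; anything not allowed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that LAN hosts opened themselves.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open new connections toward the internet.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 error messages IPv6 relies on (path MTU discovery in particular).
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # Unsolicited packets from wan0 to globally addressed LAN hosts
        # match nothing above and fall through to "policy drop".
    }

    chain input {
        # Traffic addressed to the router itself.
        type filter hook input priority 0; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Neighbor discovery, router advertisements and ICMPv6 errors.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-solicit, nd-router-advert, destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request } accept

        # DHCPv6 replies from the ISP, sent from a link-local address (assumed setup).
        iifname "wan0" ip6 saddr fe80::/10 udp dport 546 accept

        # Assumption: hosts on the LAN are allowed to reach the router's services.
        iifname "lan0" accept
    }
}
```

Because the table is in the `inet` family, the same `forward` chain also covers IPv4, whether or not a separate NAT table is loaded alongside it.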