[deknos]

Of course it's not insecure because of NAT.

NAT (in all its forms) is just a very convenient technology for many people and niche situations.

And adoption of IPv6 will be hindered as long as NAT is not a first class citizen.

And of course, mostly NAT should not be used as "firewall replacement". But what many firewall proponents forget here:

NON-IT People at home cannot run and manage a firewall (and proxies). For them, NAT is a convenient and mostly okayish replacements.

Another niche would be IP Packet Handling of VMs.

[Thiez]

Surely for the people who cannot run and manage a firewall the default 'deny incoming' rule that basically every single consumer router ships with works just as well to protect from incoming traffic as NAT? I notice many comments are assuming a sanely preconfigured NAT on routers, but are also assuming either no firewall or one without any preconfigured rules. It seems like a strawman to me.

[Dagger2]

We haven't forgotten that, but we're also aware that non-IT people can't run NAT either. They can plug in a box that already has NAT configured though, and if they can manage that then they can also plug in a box that already has a firewall configured.

VMs work fine without NAT too -- DHCPv6-PD lets the VM software automatically request a routed prefix.