by MindSpunk 60 days ago
NAT is not a security device. A firewall, which will be part of any sane router's NAT implementation, is a security device. NAT is not a firewall, but is often part of one.

Any sane router also uses a firewall for IPv6. A correctly configured router will deny inbound traffic for both v4 and v6. You are not less secure on IPv6.


A misconfigured firewall is a gaping hole. A misconfigured NAT is not letting data from outside into your local network.

So a firewall is actually worse than NAT.

Even a correctly-configured NAT will let connections in from outside, and a lot of people don't understand this.

Personally I'd count "your security thing doesn't actually do the thing it's supposed to do" as being pretty bad on the security scale. At least people understand firewalls.

> Even a correctly-configured NAT will let connections in from outside, and a lot of people don't understand this.

Yes, that's called port forwarding and it is a normal thing. You actually want that.

It will let them in without a port forward in place. The port forward just rewrites the IP on an incoming connection, nothing more.
If you can reuse an opened connection, but that will work with a firewall too.
You don't need any tricks like that. Regular new connections will work.
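The thread turns on what a "correctly configured router" actually does with inbound traffic: a default-deny inbound policy, connection tracking so replies to outbound flows get through, and an explicit port forward that only rewrites the destination. The model below is an added illustration of that behaviour, not code from the thread or any router; the `StatefulFirewall` class, its `default_inbound` setting and the documentation-range addresses are all constructed for the example, and it applies the same per-flow policy to v4 and v6 addresses.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # "ip:port" for v4, "[ip6]:port" for v6 (constructed values)
    dst: str
    proto: str = "tcp"


class StatefulFirewall:
    """Toy model of a router's inbound policy. The policy is per flow, so it
    makes no difference whether the addresses are IPv4 or IPv6."""

    def __init__(self, default_inbound="drop", port_forwards=None):
        # "drop" is the sane default; "accept" is the misconfigured, wide-open case.
        self.default_inbound = default_inbound
        # Explicit port forwards: WAN "ip:port" -> LAN "ip:port" (DNAT).
        self.port_forwards = port_forwards or {}
        # Flows seen leaving the network, as (src, dst, proto).
        self.flows = set()

    def outbound(self, pkt):
        # Remember the flow so the reply direction counts as established.
        self.flows.add((pkt.src, pkt.dst, pkt.proto))
        return "allow"

    def inbound(self, pkt):
        """Return (verdict, destination after any rewrite)."""
        # Reply to a flow we opened: src and dst are swapped relative to the record.
        if (pkt.dst, pkt.src, pkt.proto) in self.flows:
            return "allow", pkt.dst
        # Port forward: the connection is admitted and only its destination is rewritten.
        if pkt.dst in self.port_forwards:
            return "allow", self.port_forwards[pkt.dst]
        # Unsolicited new connection: the default inbound policy decides.
        return self.default_inbound, pkt.dst


if __name__ == "__main__":
    fw = StatefulFirewall(port_forwards={"203.0.113.10:443": "192.168.1.5:443"})
    print(fw.inbound(Packet("198.51.100.7:40000", "203.0.113.10:22")))     # ('drop', ...)
    fw.outbound(Packet("203.0.113.10:51000", "198.51.100.7:80"))
    print(fw.inbound(Packet("198.51.100.7:80", "203.0.113.10:51000")))     # ('allow', ...)
    print(fw.inbound(Packet("198.51.100.7:40000", "203.0.113.10:443")))    # ('allow', '192.168.1.5:443')
```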