[MichaelGG]

That's an interesting viewpoint and would go against practically everyone's (except the IETF's) expectation for the NAT to provide a default firewall-esque policy.

I suppose if you view NAT to "facilitate communications" then mapping a port for all inbound IPs instead of symmetric makes sense.

[zurn]

In my experience people behind NAT very much like Skype, games, WebRTC, file sharing etc to work. They're usually not very knowledgeable about firewalls but most often used host-based firewalls. Which is good since they're generally much more easier to configure according to your app needs.