Comment by xl-brain
9 hours ago
https://arxiv.org/abs/2509.04792?
"Collectively, our results show that NAT has indeed acted as the de facto firewall of the Internet, and the v4-to-v6 transition of residential networks is opening up new devices to attack."
ISP hosting a virtual machine you remote desktop into from internal network as the only way to access the external internet can also work as a "de facto firewall".
But the best de facto firewall is a proper firewall.