Comment by oofbey

6 hours ago

I understand IPv4 networks pretty well. And I would say that any device doing NAT is acting as a basic firewall. Do “true” firewalls do more? Sure. But saying NAT doesn’t provide security is flat out wrong.

If your router had only NAT and someone (i.e. your ISP) sends it a packet addressed to somewhere inside your internal IP range, it will happily forward it. A firewall would block it.

  • Okay, I'm running tcpdump on my desktop. Send me some packets to 192.168.1.127 and I'll watch out for them.

  • Find me a consumer IPv4 router sold in the last ~10 years that does that by default.

    Security comparisons should be between proposed new tech vs. existing tech, not vs. hypothetical straw-man tech.

    • Find me a consumer IPv6 router sold in the last ~10 years without a restrictive firewall enabled by default. I have never seen one.

    • A consumer IPv4 router has both firewall and NAT enabled by default, and such a packet is blocked by its firewall functionality.
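
The distinction argued over in this thread, as an added example that is not part of any comment above: a toy Python model of a router's WAN-side packet handling, showing that the NAT table only decides how packets addressed to the public IP are translated, while a packet already addressed to an internal IP is a plain routing decision that only a forward filter stops. The class, addresses, ports and result strings are all constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")    # constructed internal range
WAN_IP = ip_address("203.0.113.10")   # constructed public address (documentation range)

@dataclass
class Router:
    stateful_filter: bool                       # True = firewall on the forward path
    flows: dict = field(default_factory=dict)   # public port -> (in_ip, in_port, remote_ip, remote_port)
    next_port: int = 40000

    def outbound(self, src, sport, dst, dport):
        """A LAN host opens a connection: record a NAT mapping, return the public port."""
        port = self.next_port
        self.next_port += 1
        self.flows[port] = (ip_address(src), sport, ip_address(dst), dport)
        return port

    def inbound(self, src, sport, dst, dport):
        """A packet arrives on the WAN interface: return what the router does with it."""
        src, dst = ip_address(src), ip_address(dst)
        if dst == WAN_IP:
            # Addressed to the public IP: only an existing mapping can carry it inside.
            flow = self.flows.get(dport)
            if flow and flow[2:] == (src, sport):
                return f"translate to {flow[0]}:{flow[1]}"
            return "not forwarded: no NAT mapping"
        if dst in LAN:
            # Already addressed to an internal host: NAT has nothing to rewrite,
            # so the outcome depends entirely on the forward filter.
            if self.stateful_filter:
                return "drop: forward filter, no matching connection"
            return f"forward to {dst}:{dport}"
        return "drop: destination not routed here"

if __name__ == "__main__":
    nat_only, with_fw = Router(stateful_filter=False), Router(stateful_filter=True)
    p = nat_only.outbound("192.168.1.127", 51000, "198.51.100.7", 443)
    print(nat_only.inbound("198.51.100.7", 443, "203.0.113.10", p))     # reply to a LAN flow
    print(nat_only.inbound("198.51.100.99", 443, "203.0.113.10", p))    # unsolicited, public IP
    print(nat_only.inbound("100.64.0.1", 12345, "192.168.1.127", 22))   # upstream hop, NAT only
    print(with_fw.inbound("100.64.0.1", 12345, "192.168.1.127", 22))    # same packet, filtered
```

The third case requires the sender to be on the directly attached upstream segment, since private destinations are not routed across the internet; that is the ISP scenario the comment describes.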