Comment by kstrauser

Not really. I’m sure there exists some brain dead CPE without a default-deny firewall. It’s just that I’ve never physically seen once, since around 1999 or so.

Bigger commercial gear, sure, but those would be special-purpose equipment that don’t support NAT either.

To a rounding error, everything which has NAT enabled by default also has a default-deny inbound firewall enabled by default.