Comment by Thiez

Surely for the people who cannot run and manage a firewall the default 'deny incoming' rule that basically every single consumer router ships with works just as well to protect from incoming traffic as NAT? I notice many comments are assuming a sanely preconfigured NAT on routers, but are also assuming either no firewall or one without any preconfigured rules. It seems like a strawman to me.