
NAT isn't protecting them. Not being on the public internet at all is protecting them.

NAT is then unprotecting them a little by letting them punch out again. It's super easy for routers to implement this behaviour by default if your LAN is publicly addressable, and removes a whole class of exploits caused by applications making NAT hacks.





This is splitting hairs. The point stands that PAT is the de facto firewall for most SOHO users.

Not in the context of claiming NAT offers protection.

An ipv6 lan with default ingress deny is more secure than ipv4+nat


I think you are missing my point. My point is not that IPv6 cannot be secured, it is that the author's take is controversial because people are skeptical about whether networks ARE being secured when NAT is not present. This skepticism is backed up by the research paper that I quoted and real world experience. IPv6 is deployed in many places incorrectly and without the good defaults. IPv4 NAPT in residential networks acts as a last line of defense because most users have been incapable of turning it off.

I suppose I will distill my thought into the assertion that the author should have prefixed his title with "In capable hands,"...


The point is that NAT offers no security, so it doesn't make sense to be skeptical about the security of a network just because it doesn't have NAT.

The only way to be confident is to have a firewall, and you can do that on v6 just as well as you already do on v4.
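
The "default ingress deny" policy discussed in this thread, written as an nftables ruleset for a dual-stack home router. This is an added example, not something posted by any commenter; the interface names `wan0` and `lan0` are assumptions, and the ruleset covers only the filtering policy (no NAT, no port forwards).

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed interfaces: wan0 = upstream, lan0 = LAN.
flush ruleset

table inet filter {
    # Traffic routed THROUGH the router, IPv4 and IPv6 alike.
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to flows a LAN host opened, plus related ICMP/ICMPv6 errors.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may initiate outbound connections.
        iifname "lan0" oifname "wan0" accept

        # ICMPv6 errors that must not be lost even without conntrack state
        # (packet-too-big is required for path MTU discovery).
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem } accept

        # Anything else arriving on wan0 is unsolicited and hits policy drop,
        # even though every LAN host has a globally routable address.
    }

    # Traffic addressed TO the router itself.
    chain input {
        type filter hook input priority filter; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Neighbor discovery and router advertisements; IPv6 breaks without them.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert,
                      packet-too-big, echo-request } accept

        # DHCPv6 replies from the upstream router (link-local source).
        iifname "wan0" ip6 saddr fe80::/10 udp dport 546 accept

        # Management and local services are reachable from the LAN only.
        iifname "lan0" accept
    }
}
```

The `forward` chain is where the protection comes from: the `ct state established,related` rule gives the same "outbound yes, unsolicited inbound no" behaviour that NAPT gives as a side effect, without rewriting addresses.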



