I like that none of my local devices are externally addressable unless an outgoing connection has been established.
This can also be achieved using (other) firewall rules.
but then it’s essentially just maintaining a NAT table without the translation piece.
So… a firewall?
NAT isn’t a security feature and shouldn’t be relied on for managing access to hosts.
It also breaks the assumption of IP that connections between hosts are end-to-end, which requires sophisticated solutions so that everything works (more or less).
I too employ NAT to make services accessible over IPv4. But only because it doesn’t work otherwise. Not because it “makes sense”. I don’t use it at all for IPv6.
This can also be achieved using (other) firewall rules.
So… a firewall?
NAT isn’t a security feature and shouldn’t be relied on for managing access to hosts.
It also breaks the assumption of IP that connections between hosts are end-to-end, which requires sophisticated solutions so that everything works (more or less).
I too employ NAT to make services accessible over IPv4. But only because it doesn’t work otherwise. Not because it “makes sense”. I don’t use it at all for IPv6.