That it's possible to implement network security well without using
NAT does not contradict the claim that NAT enhances network security.
I think we're each overgeneralizing from our individual expeience.
You can configure a V6 firewall to be default closed as easily as you can
configure a NAT. Once you start making exceptions, it depends on the
nature of the exceptions, the way you tell the router about them (CLI, web
crudware, whatever) and doubtless other stuff too.
Regards,
John Levine, jo...@taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
