Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

While I agree that IPv6 makes NAT obsolete, I, unfortunately, don't see NAT going away even after everyone is 100% on IPv6. Too many people/companies rely on NAT for "security" for it to completely die.


At worst, I see NAT being replaced with default-reject-unless-associated-with-an-existing-internally-initiated-connection border firewalls everywhere a sysadmin with half a clue works.


And that's what I would do (basic stateful inspection), but there are too many organizations (especially SMBs with little/no I.T. staff onboard) who will simply use NAT with IPv6 to get that same end result.


We'd probably be better off giving those people a default-deny firewall and calling it NAT to pacify them. But I doubt that will happen.


I could maybe see Cisco doing such a thing.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: