this post was submitted on 29 Dec 2025
13 points (84.2% liked)

networking

3421 readers
1 users here now

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 2 years ago
MODERATORS
manifex@sh.itjust.works
13
NAT vs firewall at home (programming.dev)
submitted 1 month ago by emotional_soup_88@programming.dev to c/networking@sh.itjust.works
21 comments fedilink hide all child comments
 

Why would I need to have software firewalls on my devices behind my NAT router at home? The topology is a basic consumer grade one: ISP -> my router (NAT) -> LAN, and vice versa.

If NAT already obfuscates my private addresses through translation, how would a potential adversary connect to anything beyond it?

What "good" would my public IP do for a hacker if I have no ports forwarded?

Is a firewall a second line of defense just in case I execute malware that starts forwarding ports?

I do have software firewalls on all my devices, but that wasn't an informed choice. I just followed the Arch Wiki's post installation guidelines.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Max_P@lemmy.max-p.me 1 points 1 month ago (1 children)

Not all routers have all that great security either. Even if the admin page isn't exposed to the Internet, you can access it and so does your browser. Just takes a little bit of XSS and oops.

[โ€“] possiblylinux127@lemmy.zip 1 points 1 month ago

Some consumer devices expose services to the internet for some unknown reason.

In IPv6 land some vendors decided that a Firewall is not really necessary