NAT was never intended to be a firewall and there are mulitple ways of bypassing it to talk to the hosts behind it without them initiating a connection. A new method was just discovered (link: https://samy.pl/slipstream/).
It's very very easy to replicate the filtering behaviour of NAT for situations where its being used that way. Simply block connections into the network that weren't initiated by clients in the network itself. Every stateful firewall can easily handle that and it doesn't come with the security loopholes of NAT.
It's very very easy to replicate the filtering behaviour of NAT for situations where its being used that way. Simply block connections into the network that weren't initiated by clients in the network itself. Every stateful firewall can easily handle that and it doesn't come with the security loopholes of NAT.