On Saturday January 26 2019 21:18, you wrote to Tony Langdon:
VS> Of course it does more! No packet filter *hides* *src* *addresses* of VS> your internal hosts,
So what? A device on the LAN that communicates with the outside world uses a public address. In the case of IPv4 with NAT it is a public WAN address of the router. In case of IPv6 it is a public address in the prefix range assigned to the router. In either case the address used is "exposed".
VS> and that is exactly what security people love NAT for.
Hmmm... I would rather not put my faith in the hands of a "security expert" that believes in "security through obscurity"...