Networking noob here. I want to prevent all incoming requests except through a specific port, and that traffic is forwarded to a specific device on the network. NAT seems to do that just fine, it's almost like a kind of firewall by itself. What kind of threats are there that requires more than just NAT for security?
IPv6 can use NAT; there are some unfortunate souls out there whom are only getting a /128 (one address, basically) by their ISP, instead of a /64 or /48