I guess I'm not explaining myself very well.

"Stateful firewall" is so ambiguous as to be virtually meaningless. Most stateful firewalls have thousands of knobs, dials, and levers, all sorts of different policies and ACLs... Set one lever to the wrong position and you get pwned.

Every stateful firewall I've ever seen takes fairly deep networking knowledge to set up and maintain. And they're all different! Cisco experience doesn't help much with SonicWall or Linksys or NetScaler or Barracuda.

NAT, on the other hand, is either on or off. On, you're presumably safe. Off, you're not safe. Terminology is consistent across all manufacturers. Go ahead and explain how to set up a NAT to your boss over the phone. He'll catch on pretty quick. And *that* is why NAT has taken over the world.

So, no. Replacing NATs with stateful firewalls as they exist today would be a big step backward for network security worldwide.

Do the IPv6 devs realize that they need to consider usability too?