As you have "proved" through your test -- NAT alone provides some firewall-like capabilities, all by itself.
But NAT does not provide traffic shaping, traffic overload protection, program controlled redirection, or any of the other myriad capabilities of a program controlled router that acts as a firewall. If none of those advanced capabilities are of value to you, then using OpenBSD as a firewalling router might not be of value to you.
But in your test, OpenBSD was an end-use computer, not a router. You were merely proving to yourself that NAT acts as a limited capability firewall. You were testing your NAT router, not OpenBSD, and your test was not evaluating OpenBSD at all.
|