Let's say for arguments sake that I block everything from entering my network unless explicitly originating from my local Linux/Windows box, so no 'port-forwarding' enable and UPNP explicitly disabled gateway FW (and presumably the OS too?....).
I can test and verify this works and then slowly enable / open ports as I require for services I want to allow remote incoming connections to, such as web-servers, FTP , Skype, anything I like etc
I get this, it seems clear :)
A Mastodon instance for info/cyber security-minded people.