Networking noob here. I want to prevent all incoming requests except through a specific port, and that traffic is forwarded to a specific device on the network. NAT seems to do that just fine; it’s almost like a kind of firewall by itself. What kind of threats are there that require more than just NAT for security?
You don’t know what your ISP-provided router does exactly. It may let some traffic through from the outside. It may get an over-the-air firmware update or config change at any time from your ISP. It definitely has well-known, unfixed vulnerabilities.
Also, if you rely on NAT, you have to have 100% trust in all devices that are inside your network.
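Added example, not part of the original thread: the setup described in the question, written as an nftables ruleset for a Linux router you control, with the NAT-only part next to the filter rules that actually enforce "nothing inbound except the forwarded port". The interface names, the server address and the port are assumed values.

```nftables
#!/usr/sbin/nft -f
# Assumed values (not from the thread): WAN interface wan0, LAN interface lan0,
# internal server 192.168.1.10, forwarded TCP port 443.
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define SERVER = 192.168.1.10
define PORT = 443

# NAT only: these rules rewrite addresses, they do not filter anything.
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # The port forward from the question.
        iifname $WAN tcp dport $PORT dnat to $SERVER
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}

# Without the table below, input and forward are accepted by default: a packet
# that arrives on the WAN side already addressed to a LAN host is simply routed.
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state invalid drop
        ct state established,related accept
        # LAN hosts may open connections outward; tighten this rule for
        # devices you do not fully trust.
        iifname $LAN oifname $WAN accept
        # Inbound: only connections that matched the DNAT rule, to that host and port.
        iifname $WAN ip daddr $SERVER tcp dport $PORT ct status dnat accept
    }
}
```

The `policy drop` lines are the firewall; the `nat` table on its own would leave every other path through the router open.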