"It's not the device getting out, it's someone outside getting in to get to the device, and dropping a payload on it."

The point is, your average firewall allows outgoing connections by default. Otherwise, things break. If your IoT device can scramble itself often (both MAC and IP), then you won't be able to get an egress block to stick. And once it's out, that connection (which is TWO-WAY) allows the way back in. A rogue or hacked C&C server can pwn it regardless of your network setup, and Bob's your uncle.
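To make the two mechanisms in that post concrete, here is a toy model of a stateful firewall, added as an example and not part of the original comment or any real firewall's code. It assumes a consumer-router style of egress block keyed on the device's MAC address, a conntrack table keyed on the 5-tuple, and constructed addresses (192.168.1.0/24 for the LAN, 203.0.113.10 as the C&C host); all of those are hypothetical.

```python
"""Toy stateful-firewall model (hypothetical, constructed for illustration).

It shows the two points in the post:
  * egress is allow-by-default and connection-tracked, so an outbound
    connection carries the C&C server's traffic back in on the same flow;
  * an egress block keyed on the device's MAC stops matching as soon as the
    device rotates its MAC (and IP).
"""

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    direction: str  # "out" (LAN -> WAN) or "in" (WAN -> LAN)


@dataclass
class StatefulFirewall:
    # Egress deny list keyed on MAC, the way a router's "block this device" works.
    blocked_macs: set = field(default_factory=set)
    # Conntrack table: (lan_ip, lan_port, wan_ip, wan_port) of outbound flows.
    conntrack: set = field(default_factory=set)

    def handle(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            if pkt.src_mac in self.blocked_macs:
                return "DROP"
            # Default-allow egress: record the flow so replies are let back in.
            self.conntrack.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ACCEPT"
        # Inbound is only accepted as the reverse of a tracked outbound flow.
        reverse_key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "ACCEPT" if reverse_key in self.conntrack else "DROP"


def scenario() -> dict:
    """Walk one IoT device through a MAC rotation and a C&C exchange."""
    fw = StatefulFirewall(blocked_macs={"aa:bb:cc:00:00:01"})
    c2 = "203.0.113.10"  # constructed C&C address (TEST-NET-3 range)
    wan_mac = "ff:ff:ff:ff:ff:ff"  # placeholder; inbound MAC is irrelevant here
    results = {}

    # 1. With its original MAC the egress block holds.
    results["blocked_out"] = fw.handle(
        Packet("aa:bb:cc:00:00:01", "192.168.1.50", c2, 40000, 443, "out"))

    # 2. The device rotates MAC and IP; the same deny rule no longer matches.
    results["rotated_out"] = fw.handle(
        Packet("aa:bb:cc:00:00:02", "192.168.1.77", c2, 40001, 443, "out"))

    # 3. The C&C server answers on the established flow: inbound is accepted.
    results["c2_reply_in"] = fw.handle(
        Packet(wan_mac, c2, "192.168.1.77", 443, 40001, "in"))

    # 4. An unsolicited inbound packet with no tracked flow is still dropped,
    #    which is why the attacker needs the device to connect out first.
    results["c2_unsolicited_in"] = fw.handle(
        Packet(wan_mac, c2, "192.168.1.77", 443, 50000, "in"))

    return results


if __name__ == "__main__":
    for name, verdict in scenario().items():
        print(f"{name:18s} {verdict}")
```

Run it and steps 2 and 3 are the whole argument: once the device sheds the identity the block was keyed on, its outbound connection is accepted, and everything the C&C side sends back over that flow is "established" traffic the firewall was built to let through.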

