Firewall/NAT

After reading some posts ( such as this one http://forum.m0n0.ch/index.php/topic,3526.0.html#msg10991 )  I thought I try to revive the discussion and either be enlightened if I have missed understanding something, or renew the plea for port-triggering in m0n0wall.

While I am far from an expert on this, it seems UPnP, while it does do automatic port triggering as part of what it does,  is not the same as "plain" port triggering (the way Linksys and other routers implement it) where one actually specifies the trigger port and the triggered/forwarded ports, aside from UPnP.

Then again it seems port triggering, where the triggered ports are forwarded only while the trigger port is active, is yet safer than having the ports permanently forwarded with NAT and rule.

So while there seems to be an understandable opposition to UPnP, port triggering seems, at least to me a good and simple feature to include, and also safer than just plain forwarding the ports permanently, which is the only option now.

Any and all comments welcome.   

In a perfect world, everyone would implement IPv6 and no one would ever need to NAT again.  But that will be a while yet 

Personally, I think UPnP would be a good option but only IF it could be done with a bit of security.  For example, a white list of IP's or MAC's that are permitted to use UPnP.  Just having UPnP wide open like the wild west is a bad idea.  The biggest (or only, rather) use I have for UPnP is for getting multiple xBox's to work properly with NAT.