Hello, since there was a thread earlier in the year about IPF and the Nintendo Switch, I thought I'd add my anecdote for future readers to (hopefully) go through less pain.

Background: The Nintendo Switch hates firewalls and does not use IPv6. It also uses peer-to-peer multiplayer and is not good at UPnP or hole punching. Nintendo's official advice is that to use multiplayer, you should disable the firewall or use a DMZ. Obviously, this is non-preferable. If you go into the "Internet" settings on a Switch, it'll give you a "NAT Rating" (letter graded). In many cases this will be D (i.e. multiplayer will not work in most cases).

Solution: In the end, I assigned the Nintendo Switches in the house static addresses on the local network, and added "no-ports" to my NPF firewall's NAT rules:

    inet4($ext_if) dynamic no-ports $localnet -> inet4($ext_if)

This disables port translation and improved my Switch's NAT grade from D to B. Everyone in the house is very happy that they can now play Pokémon online.