> A lot of people expect a stateful firewall blocking incoming connections on their local network.
Totally! That's why that's the default setting for almost every router out there.
> Applying the same NAT system that is used for IPv4 to IPv6 is probably the best way to get this layer of security.
No? The default firewall rules will work just fine.
> So maybe keeping the stateful firewall by default is the best option.
Agreed. That's why routers ship with fully-closed firewalls for both IPv4 and IPv6. Incoming connections need firewall exceptions, either manually or through UPnP depending on how you've configured your network.
In fact, because of NAT issues like NAT slipstreaming, an IPv6 firewall is even more closed off than any IPv4 firewall that needs to let through FTP(S), SIP, and many other protocols depending on both sides of the connection using IPv4 as designed.
Totally! That's why that's the default setting for almost every router out there.
> Applying the same NAT system that is used for IPv4 to IPv6 is probably the best way to get this layer of security.
No? The default firewall rules will work just fine.
> So maybe keeping the stateful firewall by default is the best option.
Agreed. That's why routers ship with fully-closed firewalls for both IPv4 and IPv6. Incoming connections need firewall exceptions, either manually or through UPnP depending on how you've configured your network.
In fact, because of NAT issues like NAT slipstreaming, an IPv6 firewall is even more closed off than any IPv4 firewall that needs to let through FTP(S), SIP, and many other protocols depending on both sides of the connection using IPv4 as designed.