And? Most consumer routers also implement a stateful firewall with deny-by-default inbound policy. My point is that NAT isn't a security feature, and that firewalls in edge network equipment are table stakes these days.
>Most consumer routers also implement a stateful firewall with deny-by-default inbound policy.
No they don't.
Most ISP boxes only implement the bare minimum of functions to make sure that YouTube is available to the users. Which includes NAT, because otherwise YouTube does not work, and does not include anything else.
Well, that's news to me. I don't use consumer routers myself, but I know lots of folks who do. Now, I won't say that I go investigating their home networks, but IPv6 is rather prevalent among the discount ISPs where I live, and I know of at least two coworkers who have an IPv6 firewall by default with their router.
Anyway, NAT is costlier than a firewall. It uses more memory, it requires rewriting packets on-the-fly, and typically if you're using embedded Linux (I'll assume that the vast majority of consumer devices for this are) then you're already using `iptables` or `nftables` to get NAT functionality. It is comparatively easy to set default inbound/forward drop policies.
But yes, I should have said "in my experience," since it's true that I only know the networking equipment of a few people in a small country with limited IPv6 rollout (my ISP does not provide it).
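For reference, the distinction argued over in this thread, written as an `nftables` ruleset. This is an added example, not posted by any participant and not taken from any vendor firmware; the interface names `eth0` (WAN) and `br-lan` (LAN) are assumptions. The `nat` table alone only rewrites outbound source addresses and says nothing about what may be forwarded inward; the `filter` table is what denies unsolicited inbound traffic, and because it is in the `inet` family it covers IPv6, where there is no NAT at all.

```nftables
#!/usr/sbin/nft -f
flush ruleset

define WAN = "eth0"     # assumed WAN interface name
define LAN = "br-lan"   # assumed LAN bridge name

# Part 1: NAT only. Address translation for IPv4 leaving the WAN port.
# There is no drop policy here; this table makes no filtering decision.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
}

# Part 2: stateful firewall, deny-by-default for inbound and forwarded
# traffic, applied to IPv4 and IPv6 alike (inet family).
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept   # replies to the router's own traffic
        ct state invalid drop
        iifname "lo" accept
        iifname $LAN accept                   # LAN hosts may reach the router
        meta l4proto ipv6-icmp accept         # neighbour discovery, RA, PMTU
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept   # return traffic for LAN-initiated flows
        ct state invalid drop
        iifname $LAN oifname $WAN accept      # LAN may open connections outward
        # Nothing matches new WAN -> LAN flows, so the drop policy applies.
    }
}
```

On a device you administer, `nft list ruleset` shows whether chains with `policy drop` on the `input` and `forward` hooks are actually present, or only the `nat` table.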