Comment by avianlyric

Using a normal ISP issued router, wouldn’t make a lick of difference if it was IPv4 with a NAT or IPv6 without a NAT. They’re all configured out-of-the-box with a default deny firewall. I’m not actually aware of any residential grade router that doesn’t come configured like this.

Of course if the router is misconfigured, then all bets are off. But that’s true regardless of IPv4 vs IPv6, because people will just compromise your router first and use that as a launch pad for the rest of your network. Just like to do today with plenty of old residential routers.