by solidangle 3753 days ago
NAT is not a security feature, it never was and it will never be. Stateful connection tracking, however, is a security feature. NAT uses it to route the right packets to the right computers, but firewalls can also use the same feature to drop unsolicited packets. It's nearly trivial to do this with iptables, OpenWRT does it by default, and I'm sure most other IPv6-capable routers do it too. I'm just as secure on IPv6 as I am on IPv4.

IPv6 also allows you to do weird stuff like using a single IP address per connection, which makes it even harder to address a single computer from the internet.

IPv6 is just as safe if not safer than IPv4, if you use it correctly.
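As an added illustration (not part of the original post, and not OpenWRT's actual default rules), the stateful filtering described above can be written as an `ip6tables-restore` ruleset. The interface names `br-lan` and `eth1` and the `gen_ruleset` helper are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): print an ip6tables-restore
# ruleset for a router that forwards IPv6 without NAT.
# Interface names are assumptions: LAN side first, WAN side second.
gen_ruleset() {
    lan_if="$1"
    wan_if="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback, replies to its own traffic, ICMPv6 (neighbor
# discovery, router advertisements), DHCPv6 client replies on the WAN side.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i ${wan_if} -p udp --dport 546 -j ACCEPT
# Forwarded traffic: packets belonging to (or related to, e.g. ICMPv6
# errors for) a tracked connection are let through in both directions.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Only LAN hosts may create new connection-tracking entries.
-A FORWARD -i ${lan_if} -o ${wan_if} -m conntrack --ctstate NEW -j ACCEPT
# Anything else, including a NEW packet arriving on the WAN interface
# for a globally routable LAN address, hits the FORWARD DROP policy.
COMMIT
EOF
}

# Print the ruleset for the assumed interface names.
gen_ruleset "${LAN_IF:-br-lan}" "${WAN_IF:-eth1}"
```

Piping the output into `ip6tables-restore --test` parses the ruleset without committing it, which is a safe way to check it before loading.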

1 comments

I use IPv4 (NAT) and IPv6 at home. I can access my desktop behind NAT using IPv6, which is good, but I see attempts to brute-force the root password via SSH, which is bad.
Definitely don't permit root to log in with a password. It's strongly recommended that you don't allow anyone to log in with a password, only with (password-protected) keys stored on their machines.
So why don't you just run a firewall on your router?