[JohnFen]

> You probably can, but as it's often said, most security breaches are caused by misconfiguration.

Yes, but that's no different with IPv4. What it really means is that we have to learn the intricacies of IPv6 in order to use it confidently. Right now, I am nowhere near comfortable that I have sufficient understanding. That can be fixed through enough study, but is also part of the friction in adopting IPv6.

[hot_gril]

There's that friction, but also blocking traffic in v6 is more complicated per se. v4 only has one kind of address, and it's really hard to mess up NAT in a way that causes a breach. In kind of a stupid way, it's secure by default.

Guess the most likely mishap is a bad router supports upnp and has it on by default, and a bad device maps an actually used port. No PC is going to do that, it'd have to be something like a cheap knockoff security DVR.

[JohnFen]

> blocking traffic in v6 is more complicated per se

I don't think that's the case. I think how you set your router/firewall rules with IPv6 is the same as with IPv4 aside from the addresses being longer.

> it's really hard to mess up NAT in a way that causes a breach

You can continue to use NAT with IPv6. I know that when I make the change, I'll still be using NAT, for convenience if nothing else.