[saltminer]

> I really do not want this.

Then disable it. IPv6 SLAAC privacy extensions are device-controlled, meaning neither your ISP nor your router can force you to use/not use them (unless they're so incompetent that they do things like hand out /128s).

I disable privacy extensions on my server so that I can give it a static IP within the prefix, so I can vouch that (at least on Linux) the process is quite simple.

[hot_gril]

Well, what I do is disable ipv6. I don't want the possibility that this is misconfigured, especially if the defaults tend to be wrong. Maybe my router doesn't even respect my firewall settings, like this: https://community.verizon.com/t5/Fios-Internet-and-High-Spee... Maybe the customer is wrong, but this shouldn't even be a question.

The rare times I want something publicly accessible, I use DMZ or port forwarding.