[kiririn]

Parent poster is making the (good and underrated) point that NAT makes this logic failsafe: Turn an IPv6 firewall off and you’ve got all incoming connections allowed. Turn IPv4 NAT off and you’ve got no connectivity at all

[vel0city]

So gate it behind a "here be dragons" option or hide it in the GUI entirely for the basic home version.

[kiririn]

Turning off the firewall could just as easily be a unnoticed configuration error that causes it to die on startup

[pferde]

Or make the "turned off" state block all traffic, just like closing a water valve, or a road gate. I never understood why network firewalls did not default to this.