by mgulick 70 days ago
I get an IPv6 address from my ISP (a /56 I believe), but I wish there was some good information on how to update my OpenWRT VLAN configuration, routing, and firewall rules to be able to support native IPv6 on my devices. Would love to be able to have direct IPv6 connections to the internet from my devices, but I want to make sure I can do it safely.
3 comments

You only need to set nothing and it should set up IPv6 on all downstream VLAN interfaces. For a static prefix ID you can set ip6hint per VLAN interface. For each VLAN interface you need a stanza in the DHCP config file. And regarding the firewall, as with the default lan zone you might need to add new zones with the VLAN interfaces and configure forwarding rules. That's it.

This was surprisingly complicated for me on Altice/Optimum, which is why my home didn't have IPv6 for a while even after they started provisioning.

We actually have a /128 address only, and had to tweak several settings including enabling IPv6 masquerading (NAT).

I haven't the slightest clue why they didn't give us a block.

Yeah, I'm in the same boat. I like the idea of being able to remotely connect to anything on my network, but I know just enough about networking to be dangerous, and don't trust myself to set it up securely, so I have IPv6 disabled on my router. With IPv4, it's physically impossible to mess up the firewall and NAT settings enough to make local devices public.

It's honestly not that hard. Tell your router to reject new inbound connections from the WAN interface, and you're done.

You have to do the exact same thing to make sure inbound connections aren't possible on v4 (even with NAT in the picture), so you might well have already done this or got it from the default ruleset. Plus it's trivial to test, by attempting to connect from another network.
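
The steps from the first comment (an ip6hint per VLAN interface, a DHCP stanza, a firewall zone with a forwarding rule) together with the "reject new inbound from WAN" policy from the last reply, written out as OpenWrt UCI config. This is an added example, not part of the thread; the interface name `iot`, the device `br-lan.20`, the IPv4 addressing and the hint value `20` are assumptions.

```uci
# /etc/config/network
# Assumed VLAN interface "iot" on device br-lan.20 (adjust to your setup).
config interface 'iot'
	option device 'br-lan.20'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
	# Hand this interface a /64 out of the prefix delegated by the ISP.
	option ip6assign '64'
	# Hex subprefix ID, so the VLAN keeps the same /64 within the /56.
	option ip6hint '20'

# /etc/config/dhcp
# One stanza per VLAN interface: router advertisements and DHCPv6.
config dhcp 'iot'
	option interface 'iot'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ra 'server'
	option dhcpv6 'server'

# /etc/config/firewall
# New zone for the VLAN, modelled on the default lan zone.
config zone
	option name 'iot'
	list network 'iot'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Outbound only: iot may open connections to wan.
# There is deliberately no forwarding with src 'wan' and dest 'iot'.
config forwarding
	option src 'iot'
	option dest 'wan'

# The wan zone as it should stay: new inbound and forwarded traffic
# from the WAN side is rejected; replies to outbound flows still pass
# because the firewall tracks connection state.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
```

After reloading the network and firewall, the check suggested in the last reply applies: try to connect to a device's global IPv6 address from another network and confirm the attempt is refused.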