by MichaelGG 4399 days ago
You still need UPnP or something, otherwise your IPv6 default firewall policy (allow out deny in) is going to block inbound connections.

Yes, it's easier to hole punch, but a webserver won't do that.

And if you're manually configuring a firewall, I'm not sure "allow port 80 <someIPv6>" is any easier than "forward port 80 to <someipv4>".

What am I missing?


I think you are missing a lot. For instance, I have IPv6 set up at home, at work and at some homes of friends and family. I have firewall rules set up such that traffic from subnets I know is generally allowed instead of allowing access to a single port for the general internet. I also have DNS set up with names like computername.sitename.mydomain.tld.

That allows me and the people I know to connect to each other's machines in a way that wouldn't be possible with IPv4 and NAT. I can be at my brother's and type \\[fqdn] in explorer and it will just work. To me, that is the way the internet was meant to function from the beginning.

If you're able to configure firewall rules, you're well outside of any normal users able to make up a significant amount of P2P traffic. And to most users, port forwarding and configuring a firewall rule are nearly identical.

Truth is that for most users, NAT today is almost always synonymous with a firewall that has a deny-in, allow-out policy.

10+ years ago, a lot of folks often connected their machines to the Internet in the way you specified. You could go around scanning people's systems, viewing their file shares and so on. NAT "fixed" a lot of that.
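As an added illustration (not code from anyone in this thread), here is a small Python model of the stateful "allow out, deny in" IPv6 policy the comments above compare: one instance opens a single port 80 hole to the whole Internet, the other allows inbound only from subnets you know, as the second commenter describes. All prefixes are constructed documentation addresses (2001:db8::/32) and the rule model is a hypothetical simplification of what an nftables/ip6tables ruleset would enforce.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" or "out", relative to the protected site

@dataclass
class Firewall:
    # Hypothetical rule model: default allow out, deny in, plus explicit inbound allows.
    allow_in: list = field(default_factory=list)   # (network, port or None)
    flows: set = field(default_factory=set)        # outbound flows we opened

    def allow_from(self, cidr, port=None):
        self.allow_in.append((ipaddress.ip_network(cidr), port))

    def accept(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True                              # allow out, remember the flow
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True                              # reply to a flow we opened
        src = ipaddress.ip_address(pkt.src)
        return any(src in net and port in (None, pkt.dport)
                   for net, port in self.allow_in)   # otherwise deny in

def run_scenarios():
    """Compare a single world-open port against allow-from-known-subnets."""
    hole = Firewall()
    hole.allow_from("::/0", 80)                 # "allow port 80 <someIPv6>"
    known = Firewall()
    known.allow_from("2001:db8:10::/48")        # constructed: brother's house
    known.allow_from("2001:db8:20::/48")        # constructed: work
    me = "2001:db8:1::10"                       # constructed: my machine
    packets = {
        "stranger_http": Packet("2001:db8:ffff::1", 40000, me, 80, "in"),
        "stranger_smb":  Packet("2001:db8:ffff::1", 40001, me, 445, "in"),
        "brother_smb":   Packet("2001:db8:10::7", 40002, me, 445, "in"),
        "brother_http":  Packet("2001:db8:10::7", 40003, me, 80, "in"),
    }
    results = {}
    for name, fw in (("open_port", hole), ("known_subnets", known)):
        fw.accept(Packet(me, 50000, "2001:db8:ffff::53", 53, "out"))  # we go out
        verdicts = {k: fw.accept(p) for k, p in packets.items()}
        verdicts["dns_reply"] = fw.accept(Packet("2001:db8:ffff::53", 53, me, 50000, "in"))
        results[name] = verdicts
    return results
```

Under the open-port policy the stranger reaches port 80 but nothing else, while under the known-subnets policy the stranger is denied everything and the brother's house reaches any port; both accept the reply to the flow the site itself opened.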