[calpaterson]

Most home routers already act as an inbound firewall. Regarding "back to square 1" - the aim of IPv6 is not to expose thousands of poorly secured LAN devices to the public net - it's to restore the point-to-point nature of the internet. I would still expect most LANs to be firewalled when IPv6 is adopted

[e12e]

Just to expand on that, with IP6, it would make sense to simply give every router, DSL "modem" etc a [ed: theoretically, publicly] routable ipv6 subnet. This makes (in theory) everything easier: the firewall can simply block/allow -- no need for long chains of NAT-rules. It might make networks marginally more transparent -- but it really means very little in terms of security. Nor really for privacy.