Glad to hear! Not that you’d want to send email from a residential IP anyway - if not for your ISP, every email service wouls bounce it anyway.

Normally firewall is on the router. Sensitive environments usually run one on the client as well.

It’s not v6 itself, it’s rather lack of layers of nat that prevent forwarding a v4 for most folks.

Fair enough, I guess. Still, I was dumbstruck by lack of ability to open up a port.

It doesn’t fix it, per se, rather removes the need for layers of hacks such as nat and cg-nat. Every device gets a globally routable IP - no need to forward anything, just open the port you want.

IPv6. My stupid ISP actually shipped their router with all inbound ipv6 blocked with no way to unblock it, so I set up opnsense. Works like a charm!