> In all likelihood, IPv6-supporting home routers will ship with a stateful firewall enabled by default.
My thinking is router manufacturers will probably not do this. Because if you don't have a firewall and expose all your computers to the Internet via IPv6, Everything Just Works (assuming the rest of the world uses IPv6, which will be a close approximation to the truth in the future world we're talking about). Which means those insecure routers will have a better user experience for the vast majority people in the market, who don't have a clue about networking and would rather gouge their eyes out than learn about it.
Routers currently don't do this for IPv4 for a good and simple reason: When you're assigned a single public IP by your ISP, there's no way to automagically tell which host is supposed to receive an inbound connection.
The "good" news (from a security standpoint) is that the most clueless will probably be using IPv4 for a long time to come, helped along in their foot-dragging by the eventual release of IPv4 space by early adopters of IPv6-only.
I don't think so - putting "WITH FIREWALL" and "SHIELDS YOU FROM EVIL" will cost manufacturers maybe a few cents and is almost guaranteed to boost sales.
And for services running behind that router there'll probably be some kind of PNP port opening (so there can be "PLAY WITH FRIENDS EASILY" next to those other stickers)
My thinking is router manufacturers will probably not do this. Because if you don't have a firewall and expose all your computers to the Internet via IPv6, Everything Just Works (assuming the rest of the world uses IPv6, which will be a close approximation to the truth in the future world we're talking about). Which means those insecure routers will have a better user experience for the vast majority people in the market, who don't have a clue about networking and would rather gouge their eyes out than learn about it.
Routers currently don't do this for IPv4 for a good and simple reason: When you're assigned a single public IP by your ISP, there's no way to automagically tell which host is supposed to receive an inbound connection.
The "good" news (from a security standpoint) is that the most clueless will probably be using IPv4 for a long time to come, helped along in their foot-dragging by the eventual release of IPv4 space by early adopters of IPv6-only.