Hacker News | zoredache's comments

Lots of routers have UPnP disabled or blocked, and things still work. UPnP isn't great.

First, the firewalls are stateful. A client inside your network attempts to connect to some system outside. The firewall adds an entry to the state table with client IP, destination IP, protocol, ports, and so on. If an incoming packet is received by the firewall, the state table is checked. If there is a matching entry for the IPs, proto, ports, etc., then the packet is forwarded. If there is no match, the packet is dropped or rejected depending on your config. So it is easy to permit packets based on the interface they were received or transmitted on.

Ports can be opened for some incoming traffic pretty much the same way as with IPv4, using STUN, TURN, and so on.

Past that, you can do manual port forwards the same way you do with IPv4.
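A toy model of the state-table logic the comment above describes, added here as an example (not code from the comment or from any real firewall). It tracks outbound 5-tuples from the LAN interface, admits only matching replies from the WAN side, and otherwise needs an explicitly configured forward; the addresses and the game-server port are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "lan" or "wan"
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


class StatefulFirewall:
    """Minimal stateful filter: LAN-originated flows are recorded, WAN packets
    are allowed only as replies to a recorded flow or via a manual forward."""

    def __init__(self, forwards=None):
        self.state = set()                    # (src, dst, proto, sport, dport)
        self.forwards = set(forwards or [])   # (proto, dport) opened by hand

    def handle(self, pkt):
        if pkt.iface == "lan":
            # Outbound: remember the 5-tuple so the reply can come back in.
            self.state.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
            return "forward"
        # Inbound from WAN: is this the reverse of a tracked flow?
        if (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport) in self.state:
            return "forward"
        # Otherwise only an explicit port forward lets it through.
        if (pkt.proto, pkt.dport) in self.forwards:
            return "forward"
        return "drop"


def demo():
    # Assumed: the user opened UDP 27015 by hand for a game server (constructed).
    fw = StatefulFirewall(forwards={("udp", 27015)})
    out = Packet("lan", "2001:db8::10", "2001:db8:1::1", "tcp", 51000, 443)
    reply = Packet("wan", "2001:db8:1::1", "2001:db8::10", "tcp", 443, 51000)
    unsolicited = Packet("wan", "2001:db8:2::9", "2001:db8::10", "tcp", 4444, 22)
    game = Packet("wan", "2001:db8:2::9", "2001:db8::10", "udp", 60000, 27015)
    return [fw.handle(out), fw.handle(reply), fw.handle(unsolicited), fw.handle(game)]
```

Without the manual forward, the `game` packet is dropped like any other unsolicited inbound packet, which is the point the reply below makes about needing to accept connections explicitly.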


I understand how stateful firewalls work. But to allow game servers, etc. to run, you need to explicitly accept incoming connections somewhere, as you don't know in advance the IPs that will connect.

Then if you're using STUN and TURN (which you'll have to, because non-technical users do not find configuring firewalls easy), then what is the advantage of IPv6 to a consumer? There are no real p2p benefits.

I'm trying to call out this contradiction:

1) You need a firewall on IPv6 instead of relying on NAT, otherwise everything is routable globally and insecure.

2) There will be this glorious new p2p world for consumers with IPv6.

If you need a firewall, then really for non-technical users you cannot have this p2p world. It is too complicated.


Create a DNS name ntp.yourdomain.example.org that points at your internal ntp servers.

Configure your ntp clients to use the name, and maybe add a pool.ntp.org entry or two into your configs.


> Configure your ntp clients to use the name

So how do you do this hands-off, i.e. without manually changing things on the clients, without DHCPv6?


> So what kind of 2FA would be homeless-proof?

It almost certainly is a bad idea. But the first thing that seems like it could work would be an implantable NFC YubiKey. Then making more devices support NFC.

I know I would be pretty tempted to get an implantable 2FA device if one was available and seemed like it would have both broad and long term support.


Ah, yes

I can read the headline now

“GOVERNMENT PROGRAM TO CHIP HOMELESS PEOPLE LIKE DOGS TO PROVE IDENTITY”

I implore you to read The Scarlet Letter and perhaps read up on [similar such things](https://en.wikipedia.org/wiki/Identification_of_inmates_in_G...).


Oh come on now, you're being a little harsh. They prefixed the comment with "Almost certainly would be a bad idea"


How could you possibly come to the conclusion that a homeless person could afford a surgically implanted 2FA token?


You might be talking about 'Bowl of Heaven', 'Shipstar', and 'Glorious' by Larry Niven and Gregory Benford perhaps?


Yup that’s right. I couldn’t remember.


> I would bet you can hire an excellent, technically competent CEO for Mozilla for $250k a year.

But how long would they stay after other companies learn this new person is actually competent and start throwing money at them?


Never heard of regulatory capture?

If the government regulates something, that very often means that the incumbents will donate/bribe officials to pass regulations that favor the mega corps.

Getting government regulations that actually favor the consumers is somewhere between difficult and impossible.

