If you're not running a firewall, your router is just as vulnerable as any device behind it would be with IPv6 — that is potentially vulnerable on any port it might listen to. NAT is not a firewall, it's an ugly workaround to a scalability issue.
For most home IPv6 networks, blocking all incoming traffic from the egress port will achieve the same level of security as a NAT'd IPv4. Different router/fw manufacturers would need their own guides on how to do that, but IMO any sane consumer product should be configured like that by default.
For most home IPv6 networks, blocking all incoming traffic from the egress port will achieve the same level of security as a NAT'd IPv4. Different router/fw manufacturers would need their own guides on how to do that, but IMO any sane consumer product should be configured like that by default.
Here's a guide for OpenBSD, for instance. Note how it includes "block all" which means it blocks everything not specifically allowed. https://www.openbsd.org/faq/pf/example1.html#pf