I've read a handful of threads about the IPv6 "firewall" (likely misreferenced as an ACL). I saw from searching the forums in a somewhat recent thread from 2025 there is a "deny all by default" ACL for IPv6 on the E605v2 router. Still, I'm not feeling particularly reassured that by enabling IPv6 I won't be accidentally exposing my local devices to the public internet... I suppose similarly with IPv4, but I'm at least familar with the "protection" afforded through NAT. I'm looking for some clarity on the default ACL rules. I'm using an E605v2 as my router. I don't see any rules under any of the ACL categories in my Controller UI (v6) (unless that's because I don't have IPv6 enabled)

Additionally I see in the "help center" info bubble for ACLs this line:

"If no rules match, the device forwards the packet because of an implicit Permit All clause."

Which makes it sound like the default wouldn't be "deny all" from WAN to LAN.

Is the default ACL to "deny all" for externally-initiated traffic? Should I be expecting to see a default "deny all" rule in the controller UI? Should there be some other visual indication of the default ACL being "deny all" for externally-initiated requests to my devices?

I'm just looking I get clarity that activating IPv6 won't open my devices up to the internet (without me explicitly opting in). I suppose the same is true for IPv4. If the default is "deny all" (is it?) it'd be nice to see that reflected in some way. I'm new to the Omada ecosystem and I'm a bit nervous about accidentally compromising my network before I've gotten a chance to better understand what I need to do to protect myself.

Thank you!