
dist-epoch yesterday at 5:58 PM

But has the nice side-effect of working as a firewall, before traffic gets to you.


Replies

RiverCrochet yesterday at 7:52 PM

- Did you disable UPnP on your router? If not, any device behind the router can simply ask the router to open a port, typically without authentication, bypassing this "firewall" completely.

- TURN and STUN trivially bypass this side-effect, and a side effect of that is a third party has to often be involved, which can be collecting data later leaked or used against you.

- The monstrosity of NAT is that it's the core thing that drives centralization - because of NAT any two Internet hosts generally have to involve a third party to communicate, a third party which again, can be collecting data later leaked or used against you.

If you don't care about the security implications of the above, then you don't really care about the "firewall" either.

ianburrell yesterday at 6:40 PM

IPv6 routers use a stateful firewall just like NAT includes. Just without the problems of NAT.

shmerl yesterday at 6:01 PM

No, it does not. Always use a firewall if you need a firewall. NAT is not a replacement for it.

megous today at 12:31 AM

You just have outbound NAT enabled, so that your internal nodes can access the internet, no mapping to any internal nodes is set from the outside and no firewall. (just NAT alone) So all packets to your router's address will terminate at the router. Right?

OK, let's say I send a packet to your router's external interface with the destination IP set to the internal address of one of the nodes in your network.

Will it reach your internal host? Will I get a response? ;-) I hope you now appreciate how NAT is not a firewall at all.
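
The forwarding decision discussed in this comment, as an added toy model that is not part of the original thread. The `Router` class, addresses and ports are constructed for illustration, and the model assumes a router that routes between its interfaces with only source NAT configured, compared against the same router with a stateful forward filter.

```python
"""Toy model of a home router's WAN-side packet handling (constructed example)."""
from ipaddress import ip_address, ip_network


class Router:
    def __init__(self, wan_ip, lan_net, stateful_filter):
        self.wan_ip = ip_address(wan_ip)
        self.lan_net = ip_network(lan_net)
        self.stateful_filter = stateful_filter
        self.conntrack = {}  # (remote_ip, wan_port) -> (lan_ip, lan_port)
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip):
        """A LAN host opens a flow: source NAT rewrites it and records state."""
        wan_port = self.next_port
        self.next_port += 1
        key = (ip_address(remote_ip), wan_port)
        self.conntrack[key] = (ip_address(lan_ip), lan_port)
        return wan_port

    def inbound(self, src_ip, dst_ip, dst_port):
        """Decide what happens to a packet arriving on the WAN interface."""
        src, dst = ip_address(src_ip), ip_address(dst_ip)
        if dst == self.wan_ip:
            entry = self.conntrack.get((src, dst_port))
            if entry:
                return f"forward to {entry[0]}:{entry[1]} (reply to tracked flow)"
            return "terminates at router (no mapping)"
        if dst in self.lan_net:
            # NAT has nothing to translate here: this is a plain routing
            # decision. Private destinations are not routed across the
            # Internet, so the sender has to sit on the WAN segment itself.
            if self.stateful_filter:
                return "drop (forward filter: no established state)"
            return f"forward to {dst}:{dst_port} (routed, NAT not consulted)"
        return "drop (not for this network)"


if __name__ == "__main__":
    for filtered in (False, True):
        r = Router("203.0.113.5", "192.168.1.0/24", stateful_filter=filtered)
        port = r.outbound("192.168.1.10", 51000, "198.51.100.7")
        print("stateful filter:", filtered)
        print("  reply     ->", r.inbound("198.51.100.7", "203.0.113.5", port))
        print("  unmapped  ->", r.inbound("198.51.100.99", "203.0.113.5", 22))
        print("  to LAN IP ->", r.inbound("203.0.113.9", "192.168.1.10", 22))
```

Only the third case differs between the two routers, which is the part of the path that the filter, not the translation table, controls.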

9rx yesterday at 6:17 PM

NAT has the side-effect of working as a shower curtain. It will mostly keep light drops of water out, but will not stand up to a fire.