On the routers which do support IPv6 firewall rules today, the implementation is not ideal. This is because most ISPs cycle IPv6 delegated subnets regularly, which make the rules invalid. Some ways to get around this

1. Allow disabling the IPv6 firewall completely
2. Let us open specific ports towards all LAN IPv6 hosts
3. Allow wildcard masks so that one can match only the last part of the IPv6 (which is derived from the MAC address and is constant) so that even when the address is cycled, the rule matches the same device
4. Allow matching rules with destination mac