
What people really want is a firewall, and since NAT acts as a firewall, they confuse it with that.

My university has a public IP for every computer, but you could still only connect to the servers, not random computers, from the outside. Because they had a firewall.



What ordinary people (as opposed to IT departments) really want is a firewall that can't be accidentally disabled by pushing an overly permissive firewall rule.

NAT/port forwarding, for all their faults, make it rather difficult to write rules allowing traffic to a machine you didn't intend to expose to the world.


Consumer routers have a very similar UI for managing an IPv6 firewall as for IPv4 NAT port forwarding.

This is not in any way a benefit of NAT.


Then... make the firewall UI so that you can't accidentally push an overly permissive firewall rule?

Just because NAT accidentally achieves some good outcomes doesn't in any way imply that said good outcomes are somehow exclusive to NAT.


Yeah but the average person wouldn't know to set up a firewall (and can't count on their ISP to have their best interests at heart.) Therefore the general public benefits from the degree of protection that NAT provides.


Almost 50% of internet traffic is IPv6.

Obviously, those average people have a suitable firewall provided by default on their routers.


I think the vast majority of that is from phones?


It will vary by country, but for example all but one of the large broadband ISPs in the UK use IPv6.


Do they?


Then just enable the firewall by default, or don't even provide a way to disable it unless the user enters "developer/advanced/Pro (tm)" mode. None of these are valid excuses for NAT.
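Added example, not part of the thread and not written by any commenter: a small Python model of the stateful, default-deny inbound filter the discussion describes, on a routed IPv6 LAN with no address translation. The class and method names, the `2001:db8::/32` documentation addresses, and the rule that a pinhole must name exactly one inside host and one port are assumptions made for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("2001:db8:1::/64")  # constructed documentation prefix


class StatefulFilter:
    """Illustrative model: default-deny inbound filter, no NAT involved."""

    def __init__(self, lan):
        self.lan = lan
        self.flows = set()     # (inside_ip, inside_port, outside_ip, outside_port, proto)
        self.pinholes = set()  # (inside_ip, inside_port, proto)

    def add_pinhole(self, host, port, proto="tcp"):
        # Assumed UI constraint: a rule can expose one host and one port only.
        # ip_address() raises ValueError for a prefix such as "2001:db8:1::/64".
        addr = ipaddress.ip_address(host)
        if addr not in self.lan:
            raise ValueError("pinhole target is not on the LAN")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError("pinhole needs exactly one port")
        self.pinholes.add((addr, port, proto))

    def forward(self, src, sport, dst, dport, proto="tcp"):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in self.lan and dst not in self.lan:
            # Outbound: always allowed, and remembered so replies can return.
            # (Simplification: tracked flows never expire in this model.)
            self.flows.add((src, sport, dst, dport, proto))
            return True
        if dst in self.lan and src not in self.lan:
            # Inbound: only replies to tracked flows or explicit pinholes.
            if (dst, dport, src, sport, proto) in self.flows:
                return True
            return (dst, dport, proto) in self.pinholes
        return False  # neither side on the LAN, or LAN-to-LAN: not forwarded here
```

Every inside host keeps its public address, yet unsolicited inbound packets are dropped unless a pinhole names that exact host and port, which is the same exposure a single port-forward creates behind NAT.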



