Their new modem/router doesn't support opening ports in the ipv6 firewall, so if you want to open ports, they recommend disabling ipv6 entirely. For ipv4, they no longer support forwarding ports from only specific source addresses either, which is way less secure. You can only forward ports from all source addresses. You also have to use their crappy app to add port forward rules, it's no longer available in the web ui. You can completely disable the ipv6 firewall in the web ui, but that wouldn't be safe.
Old motorola modem/routers could do all of the above.
It says it can do bridge mode at least, but it seems silly to need 2 devices just to open ipv6 ports.
How are routers being made now in 2023 that don't have proper ipv6 support? It seems crazy to me.
My view on this, at least for higher end devices like laptops, tablets, phones, etc, is that the OS must be secure to threats already because they all support cellular connections, where you will not have a home router to block incoming connections. IOT is, of course, a different story.
The other thing we should all hopefully know is that a lot of threat vectors don't involve incoming connections. Browser zero days, for example.
BTW, all that said, I still don't see why Xfinity can't just provide a better set of knobs on the firewall.