Continue to explore ipv6. Network with multiple subnets configured and running. From the Internet has opened access to multiple services through ipv6, while for the test.
From the Internet, all the extra blocks, but it is better to divide the internal subnet?
In ipv4 shared by masks. Everything is closed, is possible only where allowed. Need the Internet, you can connect to !192.168.0.0/16 (all who are not from the local area) or in the neighboring network 192.168.20.0/24.
In ipv6 while only one idea: allow all and block a range of ipv6 global addresses from a different subnet, where you cannot walk, but this is not it.
Maybe there are some options to make the rules better?