dlcarrier 3 hours ago
A firewall has nothing to filter if nothing is routed to it.

My IoT devices communicate with a server running in my network. As long as I am behind an IPv4 router, their communications to that server will never make it to the internet, and any communications from the internet have no way of addressing any device on my network. I literally can't add any security to a firewall because there are no communications to handle. Sure, I have personal computers on the same network, which aren't on a separate VLAN because I'm not familiar enough with my router to set that up, so a compromised PC could forward attacks to my IoT devices, but the firewall would be useless at that point.

If I have an IPv6 router, I can misconfigure it in a way where all of my internal communications between IoT devices work as expected, but they also have discoverable addresses on the internet. This would give the firewall something to do, but I'd rather there be no route in the first place. Also, if I trusted myself to properly configure my router for IPv6, I would put all of my IoT equipment on ULAs, which much like an IPv4 NAT would leave me with nothing to configure in the firewall.

If I were to take your claims at face value, using GUAs with packet filtering is far more reliable and secure than ULAs, and that seems preposterous. A properly configured firewall for sure adds security, but isolation always wins out.
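An added example, not part of the comment above: a small audit that separates ULA from GUA addresses in `ip -o -6 addr show` output, since the kernel reports both as `scope global`. The sample output is constructed, the GUA stand-in uses the 2001:db8::/32 documentation prefix, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ip -o -6 addr show` output (not real host data).
SAMPLE = r"""
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 fd12:3456:789a:1::10/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever
3: wlan0    inet6 2001:db8:42:1::beef/64 scope global dynamic \       valid_lft 86000sec preferred_lft 14000sec
3: wlan0    inet6 fe80::1c2d:3eff:fe4f:5a6b/64 scope link \       valid_lft forever preferred_lft forever
"""

ULA = ipaddress.ip_network("fc00::/7")          # unique local addresses
LINK_LOCAL = ipaddress.ip_network("fe80::/10")  # never forwarded by routers
GUA = ipaddress.ip_network("2000::/3")          # global unicast space

LINE_RE = re.compile(
    r"^\d+:\s+(\S+)\s+inet6\s+([0-9a-fA-F:]+)/\d+\s+scope\s+(\S+)", re.M
)

def classify(addr):
    """Classify an IPv6 address by prefix, independent of the kernel scope."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ULA:
        return "ula"
    if ip in GUA:
        return "gua"
    return "other"

def audit(text):
    """Return (interface, address, kernel_scope, class) for each inet6 line."""
    return [(i, a, s, classify(a)) for i, a, s in LINE_RE.findall(text)]

def internet_addressable(text):
    """Addresses that are reachable from outside unless a filter drops the traffic."""
    return [(i, a) for i, a, _, c in audit(text) if c == "gua"]

if __name__ == "__main__":
    for iface, addr, scope, cls in audit(SAMPLE):
        print(f"{iface:6} {addr:28} scope={scope:6} class={cls}")
    print("GUA-addressed:", internet_addressable(SAMPLE))
```
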