IPv6Firewall - gdamjan/gdamjan.github.io GitHub Wiki

IPv6 firewall settings

Even your desktop can easily get a fully public IPv6 address, so it might be important to have a default firewall for IPv6. This is mine:

# Generated by ip6tables-save 
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:166]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow SSH - but make sure it's secured
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# allow all link-local unicast
-A INPUT -s fe80::/10 -d fe80::/10 -j ACCEPT 
# allow multicast
-A INPUT -d ff00::/8 -j ACCEPT 
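# allow ping (ICMPv6 echo request, type 128), rate-limited
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 30/min -j ACCEPT
# reject other new connections with port-unreachable, rate-limited
-A INPUT -m state --state NEW -m limit --limit 30/min -j REJECT --reject-with icmp6-port-unreachable
# silently drop whatever new or invalid traffic is left
-A INPUT -m state --state INVALID,NEW -j DROP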
COMMIT

On Arch Linux the rules are stored in ##/etc/iptables/ip6tables.rules##, and ##ip6tables## is enabled in the DAEMONS array of ##/etc/rc.conf##.
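To see which rule decides the fate of a given packet, the following added example (not part of the original page) walks the INPUT rules above in first-match order. The packet dictionaries, the `sample` helper, the single `over_limit` flag standing in for both `-m limit` buckets, and the 2001:db8:: addresses are assumptions made for the illustration.

```python
import ipaddress
import shlex

# INPUT rules copied from this page (comments stripped).
RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s fe80::/10 -d fe80::/10 -j ACCEPT
-A INPUT -d ff00::/8 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 30/min -j ACCEPT
-A INPUT -m state --state NEW -m limit --limit 30/min -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -m state --state INVALID,NEW -j DROP
"""
POLICY = "ACCEPT"  # chain policy, from ":INPUT ACCEPT [0:0]"

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def verdict(pkt, over_limit=False):
    """Return the target of the first matching rule, else the chain policy."""
    for line in RULES.splitlines():
        tok = shlex.split(line)
        o = dict(zip(tok[::2], tok[1::2]))  # every option in these rules takes one value
        if all([
            "-i" not in o or pkt.get("iface") == o["-i"],
            "-s" not in o or in_net(pkt["src"], o["-s"]),
            "-d" not in o or in_net(pkt["dst"], o["-d"]),
            "-p" not in o or pkt.get("proto") == o["-p"],
            "--dport" not in o or pkt.get("dport") == int(o["--dport"]),
            "--icmpv6-type" not in o or pkt.get("icmp_type") == int(o["--icmpv6-type"]),
            "--state" not in o or pkt.get("state") in o["--state"].split(","),
            "--limit" not in o or not over_limit,  # assumption: one flag for both buckets
        ]):
            return o["-j"]
    return POLICY

def sample(**fields):
    """Constructed packet: new TCP connection between two documentation-prefix hosts."""
    base = {"iface": "eth0", "src": "2001:db8::1", "dst": "2001:db8::2",
            "proto": "tcp", "state": "NEW"}
    return {**base, **fields}

if __name__ == "__main__":
    print("ssh        ", verdict(sample(dport=22)))
    print("http       ", verdict(sample(dport=80)))
    print("http flood ", verdict(sample(dport=80), over_limit=True))
    print("untracked  ", verdict(sample(dport=80, state="UNTRACKED")))
```

The last case shows that, with the chain policy left at ACCEPT, only the final DROP rule keeps unmatched traffic out: a packet in any state other than the four named in the rules falls through to the policy.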
