In UPnP IGD, what's the difference between a firewall pinhole and port mapping?


In UPnP IGD there are two services, "WANPPPConnection" (or WANIPConnection) and WANIPv6FirewallControl, that have methods that look similar:

  • AddPinhole
  • Add(Any)PortMapping

Both take similar arguments (remote/internal host/port, protocol, lease time).

I was wondering, what is the difference between them? FW control is apparently exclusive to IPv6 while PortMapping seems to allow both v4 and v6, so what is the real difference? Is there a different behavior?


Solution

  • A (typical) IPv4 firewall, embedded in an Internet router, has a single IPv4 address on the Internet, on its WAN interface. Devices on the LAN behind it typically use private range addresses. This means that they are not reachable from the Internet. If a service on a device must be reachable from the Internet, the router must be instructed to forward incoming traffic from one of its ports on its WAN interface, to a port on the LAN device. This is called a "port forwarding," using the NAPT (Network Address and Port Translation) feature of the router.

    On IPv6, routers are not provided with a single address on the WAN interface, but a whole prefix. Devices on the LAN all have publicly routable addresses. There is no need for address and port translation on the router. The firewall in the router, however, may be configured to block all incoming connections. In this case, the router's firewall must be instructed to pass through traffic to certain ports on certain protocols to certain LAN addresses. This is called a "pinhole" in the UPnP-IGD standard.
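The two requests side by side, as an added example that is not part of the question or the answer above. It builds the SOAP bodies a control point would POST for `WANIPConnection:1#AddPortMapping` and `WANIPv6FirewallControl:1#AddPinhole` and decodes them again, so it runs offline with no router involved; the service version strings (`:1`), the helper names and the sample addresses (`192.168.1.10`, `2001:db8::10`) are assumptions chosen for the illustration. What it is meant to show is the argument shape the two methods actually take: a port mapping names an external port on the router's single WAN address and a `TCP`/`UDP` string, while a pinhole names no external port at all (the LAN host's own address is the destination), carries the protocol as an IP protocol number, and must have a bounded lease.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Namespaces and service types from the UPnP IGD spec; the ":1" versions are an assumption.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_ENC = "http://schemas.xmlsoap.org/soap/encoding/"
WANIP_ST = "urn:schemas-upnp-org:service:WANIPConnection:1"
FW_ST = "urn:schemas-upnp-org:service:WANIPv6FirewallControl:1"


def soap_request(service_type, action, args):
    """Return (HTTP headers, SOAP body) for one UPnP action; args keep their spec order."""
    ET.register_namespace("s", SOAP_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    env.set(f"{{{SOAP_NS}}}encodingStyle", SOAP_ENC)
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    act = ET.SubElement(body, f"u:{action}", {"xmlns:u": service_type})
    for name, value in args.items():
        ET.SubElement(act, name).text = str(value)
    headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPACTION": f'"{service_type}#{action}"',
    }
    return headers, ET.tostring(env, encoding="unicode")


def add_port_mapping(ext_port, proto, int_port, int_client, lease=0, desc="example", remote_host=""):
    """NAPT port forwarding: WAN port ext_port -> int_client:int_port. proto is the string TCP/UDP."""
    proto = proto.upper()
    if proto not in ("TCP", "UDP"):
        raise ValueError("NewProtocol must be TCP or UDP")
    ipaddress.ip_address(int_client)  # reject garbage; the NAT case is normally an IPv4 LAN host
    args = {
        "NewRemoteHost": remote_host,        # "" = any remote source
        "NewExternalPort": ext_port,         # the router's own WAN port: this is the translation
        "NewProtocol": proto,
        "NewInternalPort": int_port,
        "NewInternalClient": int_client,
        "NewEnabled": 1,
        "NewPortMappingDescription": desc,
        "NewLeaseDuration": lease,           # 0 = no expiry in IGD:1
    }
    return soap_request(WANIP_ST, "AddPortMapping", args)


def add_pinhole(int_client, int_port, proto_number, lease, remote_host="", remote_port=0):
    """IPv6 firewall pinhole: allow proto_number traffic to int_client:int_port. No external port exists."""
    if ipaddress.ip_address(int_client).version != 6:
        raise ValueError("InternalClient must be an IPv6 address")
    if not isinstance(proto_number, int) or not 0 <= proto_number <= 255:
        raise ValueError("Protocol is an IP protocol number (6 = TCP, 17 = UDP)")
    if not 1 <= lease <= 86400:
        raise ValueError("LeaseTime must be 1..86400 seconds; pinholes always expire")
    args = {
        "RemoteHost": remote_host,   # "" = any remote source
        "RemotePort": remote_port,   # 0 = any remote source port
        "InternalClient": int_client,
        "InternalPort": int_port,
        "Protocol": proto_number,
        "LeaseTime": lease,
    }
    return soap_request(FW_ST, "AddPinhole", args)


def parse_action(body_xml):
    """Decode a request body back into (service_type, action, {arg: text}) for inspection."""
    root = ET.fromstring(body_xml)
    action_el = root.find(f"{{{SOAP_NS}}}Body")[0]
    service_type, _, action = action_el.tag[1:].partition("}")
    return service_type, action, {child.tag: child.text or "" for child in action_el}


def rejects(fn, *args, **kwargs):
    """True if fn raises ValueError on these inputs (used to show the validation rules)."""
    try:
        fn(*args, **kwargs)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for headers, body in (add_port_mapping(8080, "tcp", 80, "192.168.1.10", lease=3600),
                          add_pinhole("2001:db8::10", 22, 6, 3600)):
        print(headers["SOAPACTION"])
        print(parse_action(body))
```

The pinhole request carries no external port and no "enabled" flag: the router is only asked to let packets through to an address it already routes, which is exactly why the method lives in a firewall-control service rather than in the connection service. The lease bound (`1..86400`) and the numeric `Protocol` are what the WANIPv6FirewallControl service defines; the `0..255` check on the protocol number is the example's own sanity check.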