I've got my home network set up and running fairly well with IPv4 using my hAP-AC router and RB3011 as a bridging switch for my home office equipment. I'd like to add IPv6 capability, but I'm cautious about exposing some devices (IoT stuff, mostly) which may not have a very robust firewall to access from outside. If I could filter IPv6 access by MAC address it would be ideal.
One aim I'm looking for specifically: I'm using a Synology NAS server to develop some websites. I would get best performance if I could set up an AAAA record in my DNS with a specific IP address for each individual website, and then have the MikroTik router forward any request for those IPs to a custom port on the server using its local address (either IPv4 or IPv6). I've implemented this using IPv4 for my highest traffic sites, but I don't have enough static IPv4 addresses to cover the development sites.
Also, I would like to begin using VLANs to segregate some equipment which really should not be speaking to the outside world and a VPN to be able to securely reach equipment from outside. I'm fairly new to both subjects, so if someone could point me to a good primer or two I'd appreciate it.
Eric