> Comcasts cable modem also doesn't have any firewall for IPv4... it's a cable modem, it passes packets.
Most of the new stuff comcast ships is an "all in one" device that acts as an access point, a router and a cable modem. You can buy third party cable modems that do what you describe but what comcast gives you is much more fancy.
You should almost always buy a 'dumb' cable modem and have your own router that you manage behind it. These devices are commonly behind on firmware and may have completely insecure settings that you'll never have insight into.
