I have one of those (but no Internet of Shit devices to segregate). Still, it's nice to know I can do so if I need to.
Unfortunately, all is not rainbows and unicorns. Ubiquiti's GUI doesn't treat IPv6 as a first-class citizen; if you want IPv6 you need to head for the CLI and hope you hit upon the right recipe to enable it for your provider - and make sure you set up your firewall rules to only open IPv6 addresses/ports you want open.
This is also a feature on Pfsense, or just about any high end router, switch, or firewall.
The article asserts, "It expands the attack surface and most of this isn't covered by traditional defenses", which is bogus. It's just another device that doesn't need to be on the same network as critical services.
Tomato makes this very easy. I've set up an "untrusted" network, devices in which can't connect anywhere, neither to local nor to remote machines (only I can connect to them).
