Deactivate (sysctl) `forwarding` completely

I would like to get feedback if it would be enough to set

net.ipv4.conf.all.forwarding=0
net.ipv4.conf.default.forwarding=0
net.ipv6.conf.all.forwarding=0
net.ipv6.conf.default.forwarding=0

in /etc/sysctl.conf and no sub-system will later come and try to set it back to 1.

I have these Realtek switches and they are only "good enough" to be a somehow managed switch, but they are definitely not a router. Therefore I can safely deactivate that feature in my use case...

Swap the order, and also change firewall to drop forward.

First default, then all? K.

firewall and luci got removed from the image already.

disable ip6 on interfaces.

If there is only one L3 interface (for administration login), forwarding is not going to occur.


Nah. I'm still not wiser if it ever was a good idea that nobody interrupted.

  • The Internet: "EVERY(!!) interface in the world should have an IPv6 Link-Local-Address!!"
  • Linux: "Hold my beer!"

Somehow I can see the point why even a "switch"/bridge-interface, which bridges interfaces, should have an LLA.
Somehow I think that if the host really wants to speak Layer-3 on any bridge or interface, it should be explicitly configured. Some NOS vendors do this... :person_shrugging:

Maybe the firewall will get reinstalled later... :person_shrugging:

Yep, sysctl to disable IPv6 everywhere and enable it only on localhost:

sysctl net.ipv6.conf.default.disable_ipv6=1 \
net.ipv6.conf.all.disable_ipv6=1 \
net.ipv6.conf.lo.disable_ipv6=0 | tee -a /etc/sysctl.conf

These are in /etc/sysctl.d/10-default.conf. You’ll probably want to comment them out.

net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

root@OpenWrt:~# cat /etc/sysctl.conf
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
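To check the question from the first post (does anything later set forwarding back to 1?), here is an added POSIX sh helper that is not from this thread or from OpenWrt. It assumes OpenWrt's sysctl init applies `/etc/sysctl.d/*.conf` first and `/etc/sysctl.conf` last, so the last file that assigns a key wins; it lists every file that assigns a key and reports the effective value, which is how you find a `10-default.conf` entry that still needs commenting out.

```shell
#!/bin/sh
# Added example: resolve which sysctl config file wins for a key on OpenWrt.
# Assumption: /etc/init.d/sysctl applies /etc/sysctl.d/*.conf, then /etc/sysctl.conf,
# so the last assignment of a key in that order is the effective boot-time value.
# Only the dotted key form (net.ipv6.conf.all.forwarding) is handled here.

# Print "file value" for every assignment of KEY in the given files, in order.
sysctl_assignments() {
    key=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v key="$key" -v file="$f" '
            { sub(/[#;].*/, "") }                 # drop comments
            /=/ {
                split($0, kv, "=")
                gsub(/^[ \t]+|[ \t]+$/, "", kv[1]) # trim key
                gsub(/^[ \t]+|[ \t]+$/, "", kv[2]) # trim value
                if (kv[1] == key) print file, kv[2]
            }' "$f"
    done
}

# Effective boot-time value for KEY: the last assignment wins (empty if unset).
effective_sysctl() {
    sysctl_assignments "$@" | awk '{ v = $2 } END { if (NR) print v }'
}

# Warn about every file that sets KEY to something other than WANT and fail
# (exit 1) if the effective configured value is not WANT.
check_config() {
    key=$1; want=$2; shift 2
    sysctl_assignments "$key" "$@" | while read -r file value; do
        [ "$value" = "$want" ] || echo "WARN: $file sets $key=$value"
    done
    eff=$(effective_sysctl "$key" "$@")
    [ "$eff" = "$want" ] && return 0
    echo "FAIL: effective $key is '${eff:-unset}', want $want"
    return 1
}

# Compare the running kernel with WANT (Linux only; skipped elsewhere).
check_live() {
    key=$1; want=$2
    proc=/proc/sys/$(printf '%s' "$key" | tr . /)
    [ -r "$proc" ] || return 0
    [ "$(cat "$proc")" = "$want" ] || { echo "FAIL: kernel has $key=$(cat "$proc")"; return 1; }
}

# Usage on the device:
# for k in net.ipv4.conf.all.forwarding net.ipv6.conf.all.forwarding; do
#     check_config "$k" 0 /etc/sysctl.d/*.conf /etc/sysctl.conf && check_live "$k" 0
# done
```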

Thanks, but I don't want to just disable IPv6. Like I said, I have still not found a final and satisfying answer to whether a bridge on Linux should have an LLA or not...

It disables the active L3 interface; no impact on bridges forwarding IPv6 frames.


Yes, I've understood, and I know that.

But, as the current Linux default is that a bridge gets an LLA, and I myself have not found an answer to that question (should there be an address or not), I let it stay. I'm totally aware of the mental gymnastics and acrobatics that "nowadays" we no longer have a Switch (a Layer-2 bridge), but we have some "managed" Switches, somehow a little more useful on various Layer-2-foo, and some of them can even route up to 16 routes and think they are now a Router that can do routing on routes and stuff like that!

And in the meantime you got this 2-and-a-half-Layer-shizzle-mess.

But still: it's somehow appealing, even useful, to me that I'm able to speak with every device on a link via its LLA.

Bridges worked decades before the inception of IPv6.