other good defaults for OpenWrt?

ULA related (if you dont use):

uci set network.lan.delegate='0'
uci set network.wan6.delegate='0'

protect wan6 mac address

uci set network.wan6.ip6ifaceid='random'

give lan a nice reserved address (or use add_list)

uci set network.lan.ip6addr='2001::1'
#no action
#uci set network.loopback.ip6addr='::1'

AnyIP is able to catch bad destination

# ip -6 route show table local
uci add network route6
uci set network.@route6[-1].interface='loopback'
uci set network.@route6[-1].type='local'
uci set network.@route6[-1].target='2001::/96'

# ipv4 version but blackhole
#uci add network route
#uci set network.@route[-1].interface='lan'
#uci set network.@route[-1].type='blackhole'
#uci set network.@route[-1].target='1.1.1.1/32'
#uci set network.@route[-1].gateway='0.0.0.0'

set zone to be ipv4 or ipv6 only. check the name and network first! then you can disable ra/dhcpv6/ndp (or dhcpv4/ignore for disable ipv4).

#uci set firewall.@zone[0].family='ipv4'
#uci set firewall.@zone[2].family='ipv6'