Periodic reminder (I just had to look it up again) that the Linux ipv6 sysctl for "don't allow the network to arbitrarily reconfigure my network devices" is nonsensically called "forwarding".
I think the "first default, then all" approach is needed to ensure it's set for all interfaces without a race condition for new interfaces appearing. As always the space between the 1 and the > is critical. Use "1" if you're likely to forget it.