Thanks for supplying the interfaces screenshot. Several different items and thoughts:
I would like to see the subnet mask of your WAN ip if you don't mind. I am still intrigued as to which machine on your lan is the 192.168.1.102 computer that showed up in the logs. Could be a random machine that had that ip address at that time. The reason I asked if you had any virtual/public ip's is because normally, when items in the firewall get blocked on the WAN side, they should only be showing the WAN ip address, as they are in the other types of items being blocked. Internal ip addresses show in the logs when those internal addresses are matched up with 1:1 NAT public ip's (at least from all the setups I have performed and seen).
Another item, unless needed for the specific application you mentioned in your first post regarding that "he.net ipv6 tunnels work", you could delete the two ICMP rules and just use the following:
Allow - ICMP - * - WAN ADDRESS - * - *
That way, you'd be allowing ping replies to your 126.96.36.199 ip address, and by default, all ICMP requests to your internal LAN would be blocked by default. Of course, for logging purposes, that is when you need to create the additional rules. So basically, I am saying, get rid of the rule that says ALLOW ICMP to !LAN net, and replace it with what I have mentioned above.
Could you post your latest firewall log so we could see the ip's whose ICMP packets are still making it through? I am interested if it is still coming from the same ip, or from somewhere else.