The OP needs to check that the ICMPs are not actually replies to attempted TCP connections to ports blocked by firewalld. This is what I suspect is happening. Anyway, the easy way to tell is that they are ICMP type 3 code 13. I’m not certain, but the OP’s log screen shot looks very much like the log screen you get from the Checkpoint Smart console. If it is you can double click on any log message to get full details but only the OP can do that for us.