Could you please look into
sudo sysctl -a
And see if there is something else to harden?
ufw doesnt block ICMP - wiki fixation reminded me, perhaps there are some other ICMP related settings worth flipping? For example, you have this already covered:
## Disables ICMP redirect acceptance.
net.ipv4.conf.all.accept_redirects=0
But perhaps there is more? Even if Whonix firewall blocks ICMP, that could be interested in context of Kicksecure and clearnet reachable servers.