The connections you marked are used for internal communications in SRX. Those connections are not coming from Public/Outside.
To restrict host inbound traffic from "WAN" Zone, you have to modify the WAN host inbound traffic configuration.
Delete the config and re-configure as per your requirement:
delete security zones security-zone WAN host-inbound-traffic system-services
(If the host-inbound-traffic is configured under interface ge-0/0/0 level, you have to remove it from interface level also)
set security zones security-zone WAN host-inbound-traffic system-services ping
Thanks, Nellikka JNCIE x3 (SEC #321; SP #2839; ENT #790)
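An added example, not part of the original answer: a small Python audit that reads configuration in `show configuration | display set` format and reports host-inbound system services enabled for a zone, at zone level and at interface level, that are not on an allowed list. The function names and the sample configuration are constructed for illustration; only the zone name WAN and interface ge-0/0/0 come from the post.

```python
import re

# Constructed sample in "display set" format (not taken from a real device).
SAMPLE_CONFIG = """\
set security zones security-zone WAN host-inbound-traffic system-services ping
set security zones security-zone WAN interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone WAN interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone LAN host-inbound-traffic system-services all
"""

# Matches zone-level and interface-level host-inbound system-services lines.
LINE_RE = re.compile(
    r"^set security zones security-zone (?P<zone>\S+) "
    r"(?:interfaces (?P<ifname>\S+) )?"
    r"host-inbound-traffic system-services (?P<service>\S+)"
    r"(?P<excluded> except)?$"
)

def collect_services(config_text, zone):
    """Return {scope: set(services)}; scope is 'zone' or an interface name."""
    scopes = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("zone") != zone:
            continue
        if m.group("excluded"):
            continue  # "<service> except" removes a service, so it is not counted
        scope = m.group("ifname") or "zone"
        scopes.setdefault(scope, set()).add(m.group("service"))
    return scopes

def audit_zone(config_text, zone, allowed):
    """List (scope, service) pairs enabled for the zone but not in 'allowed'."""
    findings = []
    for scope, services in sorted(collect_services(config_text, zone).items()):
        for service in sorted(services - set(allowed)):
            findings.append((scope, service))
    return findings

if __name__ == "__main__":
    # Policy assumed here: only ping may reach the device from the WAN zone.
    for scope, service in audit_zone(SAMPLE_CONFIG, "WAN", {"ping"}):
        print(f"WAN [{scope}]: unexpected host-inbound service '{service}'")
```

In the constructed sample the zone-level setting is already ping-only, but ssh is still enabled under the interface, which is the leftover the answer says to remove.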