The single rule from your screenshot is not good enough, because it blocks all IPv6 WAN communications of your router, it blocks all responses, not just incoming connections, and doesn't protect clients in your LAN network, which use the chain "forward". IPv6 addresses in your LAN will be accessible from the internet with no protection. Also please note that ICMP is very important for a functional IPv6 and should not be blindly blocked.
I don't want ipv6 firewall rules on the router at all for clients on the ext-LAN, as each client has their own firewall and policies and services. They need to be directly accessible from the internet. Same goes for ipv4.
I *want* to block all connections from the internet to services on the router only, but I *also* want to access those services from my LAN, hence the !LAN rule. These two things are my primary concern. I'm not bothered if I can't ping from the router itself. (but see edit)
edit: I'm wondering how the ipv6 got started in the first place. Probably because I enabled the rule after ipv6 started working, and haven't rebooted it since. In other words, yeah, I realise ipv6 probably won't work after I reboot unless I sort the rules out effectively, at least for icmpv6, because, as you rightly point out, in v6 icmp is a requirement for it to work.
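The two points raised in this exchange (replies and ICMPv6 must not be caught by the drop, and only the router's own services should be closed to the internet) can be combined in an input-only rule set. This is an added example, not a configuration posted by either participant; it assumes MikroTik RouterOS syntax and an interface list named LAN, inferred from the "!LAN rule" and the chain "forward" mentioned above.

```routeros
# Added example; RouterOS and the interface list name "LAN" are assumptions.
/ipv6 firewall filter

# Let replies to connections the router itself opened come back in.
add chain=input action=accept connection-state=established,related,untracked \
    comment="accept replies to router-originated traffic"

# Discard packets that conntrack cannot associate with any valid flow.
add chain=input action=drop connection-state=invalid \
    comment="drop invalid"

# Neighbour discovery, router advertisements and path MTU discovery
# all ride on ICMPv6, so it is accepted before the final drop.
add chain=input action=accept protocol=icmpv6 \
    comment="accept ICMPv6"

# Needed only if the WAN prefix is obtained through DHCPv6 prefix delegation.
add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 \
    comment="accept DHCPv6 client replies"

# Everything else addressed to the router is refused unless it arrives
# from the LAN side, which keeps router services reachable from inside.
add chain=input action=drop in-interface-list=!LAN \
    comment="drop input not coming from LAN"

# No rules are added to chain=forward: traffic to LAN clients passes
# unfiltered, so each client depends entirely on its own host firewall.
```

Rule order matters here: the accept rules must sit above the final drop, otherwise the drop matches first and reply and ICMPv6 traffic is lost again.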