Hi,
Assuming you are using source NAT to NAT from the LAN to the Internet, is it being NATed on the interface?
If yes, you could add the matching condition "from destination-address [my public ip]" to the additional term 2_1; otherwise the comprehensive filter would have to be something like this, with the additional term 2_1:
set firewall family inet filter [filter_bla_bla] term 1 from source-address [public ip]
set firewall family inet filter [filter_bla_bla] term 1 from source-address [public ip]
set firewall family inet filter [filter_bla_bla] term 1 from destination-address [my public ip]
set firewall family inet filter [filter_bla_bla] term 1 from protocol tcp
set firewall family inet filter [filter_bla_bla] term 1 from destination-port ssh
set firewall family inet filter [filter_bla_bla] term 1 then accept
set firewall family inet filter [filter_bla_bla] term 2 from source-address [public ip]
set firewall family inet filter [filter_bla_bla] term 2 from source-address [public ip]
set firewall family inet filter [filter_bla_bla] term 2 from destination-address [my public ip]
set firewall family inet filter [filter_bla_bla] term 2 from protocol icmp
set firewall family inet filter [filter_bla_bla] term 2 then accept
set firewall family inet filter [filter_bla_bla] term 2_1 from protocol icmp
set firewall family inet filter [filter_bla_bla] term 2_1 from icmp-type echo-reply
set firewall family inet filter [filter_bla_bla] term 2_1 then accept
set firewall family inet filter [filter_bla_bla] term 3 from destination-address [my public ip]
set firewall family inet filter [filter_bla_bla] term 3 from protocol tcp
set firewall family inet filter [filter_bla_bla] term 3 from destination-port ssh
set firewall family inet filter [filter_bla_bla] term 3 then reject
set firewall family inet filter [filter_bla_bla] term 4 from protocol icmp
set firewall family inet filter [filter_bla_bla] term 4 from protocol icmp6
set firewall family inet filter [filter_bla_bla] term 4 then reject
set firewall family inet filter [filter_bla_bla] term default then accept
If there is a dedicated NAT pool, you could add the "from destination-prefix-list NAT-pool" for example.
Term 2_1 would have to be before term 4 at least.
Cheers,
Ashvin
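Added example, not from Ashvin's post: a small Python evaluator that applies Junos first-match term semantics to a subset of the filter above (term 2 and the repeated source-address lines are left out; 203.0.113.10 for [my public ip] and 198.51.100.5 for [public ip] are constructed placeholders). It shows that an echo-reply from an arbitrary Internet host lands on term 2_1 and is accepted, while placing 2_1 after term 4 lets term 4 reject it.

```python
# Added example, not from the post: a first-match evaluator for the filter above,
# showing why term 2_1 (echo-reply) must sit before the ICMP reject term 4.
MY_IP, REMOTE_IP = "203.0.113.10", "198.51.100.5"   # constructed placeholders
FILTER = f"""
set firewall family inet filter f term 1 from source-address {REMOTE_IP}
set firewall family inet filter f term 1 from destination-address {MY_IP}
set firewall family inet filter f term 1 from protocol tcp
set firewall family inet filter f term 1 from destination-port ssh
set firewall family inet filter f term 1 then accept
set firewall family inet filter f term 2_1 from protocol icmp
set firewall family inet filter f term 2_1 from icmp-type echo-reply
set firewall family inet filter f term 2_1 then accept
set firewall family inet filter f term 3 from destination-address {MY_IP}
set firewall family inet filter f term 3 from protocol tcp
set firewall family inet filter f term 3 from destination-port ssh
set firewall family inet filter f term 3 then reject
set firewall family inet filter f term 4 from protocol icmp
set firewall family inet filter f term 4 from protocol icmp6
set firewall family inet filter f term 4 then reject
set firewall family inet filter f term default then accept
"""

def parse_filter(text):
    """Ordered list of (name, {key: {values}}, action); repeated values for one key OR together."""
    terms = []  # Junos evaluates terms in configuration order; set lines per term are contiguous here
    for line in text.strip().splitlines():
        tok = line.split()
        i = tok.index("term")
        if not terms or terms[-1][0] != tok[i + 1]:
            terms.append([tok[i + 1], {}, None])
        if tok[i + 2] == "from":
            terms[-1][1].setdefault(tok[i + 3], set()).add(tok[i + 4])
        else:
            terms[-1][2] = tok[i + 3]          # 'then ACTION'
    return [tuple(t) for t in terms]

def evaluate(terms, pkt):
    """First term whose every 'from' condition matches decides; no conditions matches all; no match => implicit discard."""
    for name, conds, action in terms:
        if all(pkt.get(k) in vals for k, vals in conds.items()):
            return name, action
    return None, "discard"

def move_term_after(terms, name, after):
    """Copy of the term list with `name` re-inserted right after `after` (like 'insert term X after Y')."""
    moved = next(t for t in terms if t[0] == name)
    rest = [t for t in terms if t[0] != name]
    i = [t[0] for t in rest].index(after) + 1
    return rest[:i] + [moved] + rest[i:]
```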