Not quite, I think. Using the firewall GUI as described in your guide, Qubes still allows any ICMP or DNS requests outside the VPN. If you don't do further hardening via iptables/nft, this might end up with DNS or ping leaks. The only way to block DNS/ICMP with Qubes' firewall is to use the qvm-firewall CLI and remove the wildcard rule for everything (accept) and the dns special target + icmp, if they exist. Above is a reproducible way to catch all cases consistently by first resetting the firewall and then applying whitelist rules.
You can recheck with qvm-firewall sys-vpn list. The end result should look similar to:
NO  ACTION  HOST        PROTOCOL  PORT(S)  SPECIAL TARGET  ICMP TYPE  EXPIRE  COMMENT
0   accept  1.2.3.4/32  -         -        -               -          -       -
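
A check for the end state described in the post above, as an added example that is not part of the original post: it reads `qvm-firewall sys-vpn list` output and reports accept rules that would still let DNS, ICMP or other traffic out past the whitelist. The function names, the constructed sample listings and the whitespace-separated column order (taken from the header shown above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit `qvm-firewall <qube> list` output (read from stdin) for
# accept rules that bypass the VPN whitelist. Arguments: the allowed HOST values.
# Usage in dom0:  qvm-firewall sys-vpn list | audit_fw_rules 1.2.3.4/32
audit_fw_rules() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 == "NO" || NF < 6 { next }        # skip header row and blank lines
    $2 != "accept"       { next }        # only accept rules can leak
    {
        # Assumed column order: NO ACTION HOST PROTOCOL PORT(S) SPECIAL-TARGET ...
        no = $1; host = $3; proto = $4; special = $6
        if (special == "dns")
            msg = "dns special target: DNS allowed outside the VPN"
        else if (host == "-" && proto == "icmp")
            msg = "ICMP accepted to any host"
        else if (host == "-")
            msg = "wildcard accept to any host"
        else if (!(host in ok))
            msg = "host " host " is not in the whitelist"
        else
            next
        printf "rule %s: %s\n", no, msg
        bad = 1
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: whitelist entry plus default-style dns, icmp and wildcard rules.
sample_leaky() {
    cat <<'EOF'
NO  ACTION  HOST        PROTOCOL  PORT(S)  SPECIAL TARGET  ICMP TYPE  EXPIRE  COMMENT
0   accept  1.2.3.4/32  -         -        -               -          -       -
1   accept  -           -         -        dns             -          -       -
2   accept  -           icmp      -        -               -          -       -
3   accept  -           -         -        -               -          -       -
EOF
}

# Constructed sample: the end result shown in the post (single whitelist rule).
sample_hardened() {
    cat <<'EOF'
NO  ACTION  HOST        PROTOCOL  PORT(S)  SPECIAL TARGET  ICMP TYPE  EXPIRE  COMMENT
0   accept  1.2.3.4/32  -         -        -               -          -       -
EOF
}
```

The function exits non-zero when any leaking rule is found, so it can gate a script that brings the VPN qube up.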