Probably while DietPi was updated to v7.4, the killswitch was enabled on v7.3 (which is not touched, unless re-set via dietpi-vpn). However, good that SSH works now as expected.
That any other incoming packages, not related to SSH (which we included explicitly with v7.4) or to an established connection (initiated from the Pi), is blocked, is by design when using a killswitch. We discussed whether to allow more or even all inbound connections, when seeing the killswitch as a prevention for outbound connections accidentally bypassing the VPN, while leaving inbound connections a matter of port forwarding, firewall etc. But when checking other killswitch implementations, usually either all inbound connections are blocked, or only selected ones whitelisted, like we do with SSH.
I think there is no one solution that meets it all and we may add a selection instead, i.e. selecting ports from an ss -tulpn list and whether to whitelist it for LAN or even WAN (in cases where the VPN provider supports port forwarding).
For now you can use the Edit Up option to allow LMS connections after the VPN connection has been established. For this add the following line:
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT