how do torrent clients circumvent router's firewall?
It's inside the function of network connections. Your client (deluge) perform a request to internet hosts and "publish" port 6881 for incoming requests. Your firewall blocks the incoming connections ([UFW BLOCK]) for your pc but the requests from external hosts to your port 6881 is normal. There is nothing strange in this. Moreover, some incoming connection are forwarded to your Pc because in your firewall configuration you have rules for "related" traffic. This means that a software starting the connection internally (deluge) is authorized to receive traffic coming from external ip for which you have started a communication. You should not use a p2p software if you don't want to send traffic to external host or receive external requests.
Your router supports uPNP, which allows programs like deluge to automatically ask it to forward ports while the program is running.