You can add AllowedIPs under [Peer], which is the list of IPs that
should be tunneled through the Wireguard tunnel, in your wireguard
configuration file.
0.0.0.0/0 is the whole internet.
If you change it to this:
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4,
32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6,
172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8,
174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13,
192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12,
192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5,
208.0.0.0/4, 8.8.8.8/32, 10.64.0.0/10
It should exclude all private IPs (for example LANs)
Then add the following under [Interface]: (if you don't have Postup or
Predown set, otherwise put "&& iptables -I INPUT....."at the back of
your existing line)
Postup = iptables -I INPUT -i YOURLANINTERFACE -d 192.168.1.0/24 -j
ACCEPT && iptables -I OUTPUT -o YOURLANINTERFACE -d 192.168.1.0/24 -j ACCEPT
Predown = iptables -D INPUT -i YOURLANINTERFACE -d 192.168.1.0/24 -j
ACCEPT && iptables -D OUTPUT -o YOURLANINTERFACE -d 192.168.1.0/24 -j ACCEPT