How is your wg network setup? Is this a ‘server’ config (such as for remote access) or a ‘client’ (connects to a remote peer like a commercial vpn or an office)?
You can setup a firewall rule to block connections, but it might not be necessary.
Are you looking to isolate clients on the same ssid? This is not a firewall thing. It is simply a WiFi config option. If you are trying to isolate clients between ssids, that would require multiple subnets (not necessarily VLANs per the strict definition, but the same general strategy) and then firewall configurations to keep them isolated.
This would probably require 2 wireguard configs (with separate keys and interface addresses, if it a client type config) and also policy based routing. I’d recommend splitting this one into a different thread.
Is your concern is about incoming connections (i.e. from the internet to the specific IP)? If so, this is blocked by default. Only return traffic based on the connections initiated by the device itself will be allowed to reach it. However, if you want to isolate it from the internet completely, that is easy to do by simply creating a rule that drops (or rejects) all connections from that IP address that are destined for the internet (wan zone) and/or any other zones that should be blocked.
I don't understand exactly what you are looking for here. Can you elaborate on your goals?