Incoming traffic on WG interface behind ISP modem

I have tried this, but it does not resolve the issue.

To determine the correct firewall and zone settings, I have connected an OpenWrt device with Wireguard client directly to the internet (so no ISP modem with NAT in between). It actually works with the settings from my first post, leading me to suspect the routing table / ISP modem subnet as the cause.