You never clearly state an issue; but from this sentence, I surmise you want your DDNS to use your WAN without VPN.
Now that you made the firewall ruels, you need to make policy-based routes and rules.
See:
https://openwrt.org/docs/guide-user/network/ip_rules
and
It is.
Using "specific MAC addresses" would require putting your device back to use WAN by default and make forwarding exceptions to using the WAN. Just FYI MACs are Layer 2 (not Layer 3 which is where routing is handled after the LAN). Let's start off by saying...wireguard doesn't have the be the "default route."
if you have it checked, uncheck the make routes for subnets box under the wireguard interface
config your router back to use the normal WAN
So...You want your router to use 2 sepa…
Remember that you'll also need to make rules for any device/server you wish to use the WAN too. You can do that by individual IP or by [the router's] receiving interfaces.