See: Use WireGuard interface for specific devices only
If you have inbound WAN services, you must ensure that these devices use WAN for their outbound reply traffic, the easiest way to accomplish this is permanently configure the host to use WAN ONLY.
If you need to do something more advanced - like change the outbound routes on this host based on SRC IP or inbound traffic interface, feel free to reply and ask.