Tapo C200 - fw rules for blocking and allowing wireguard (home assistant)

Hi,
running wireguard on my home assistant instance.
Everything is taking place on 192.168.1.0
I've added a tapo camera called c200 on my wifi, on 192.168.1.48.
My wireguard instance lets my phone connect back home with ip 192.168.1.155.
What rules should I use to block my camera from the internet, but still be able to talk to my lan devices?

I've made a block traffic rule for the camera not reaching internet

config rule
        option target 'REJECT'
        list proto 'tcp'
        list proto 'udp'
        option name 'cameratowan'
        option src 'lan'
        list src_ip '192.168.1.48'
        option dest 'wan'

and my camera now only works when I'm connected to my home wifi. Which is cool, but now I need to make it work with wireguard enabled on my iphone as well.
I would assume that when enabled, my phone is in the lan zone, and no need for any rules, but so far that's not the case.

edit:
It's working on my laptop with wireguard enabled (on my lte/4g shared from iphone). Tested with vlc.
It might be that the tapo app doesn't like it.
Maybe I need another app.