Wireguard : how to restrict to 1 network

I have the following wireguard config:

config interface 'wg0'                                           
        option proto 'wireguard'                                        
        option private_key 'XXX  
        list addresses ''                                       
        option defaultroute '1'                                            
        option ip4table '100'                                              
config wireguard_wg0                                               
        option public_key 'XXX'
        option endpoint_host 'XXX'
        option endpoint_port 'XX  
        option route_allowed_ips '1'
        option allowed_ips ''

This generates this ip rule:

10000:	from lookup 100 
20000:	from all to lookup 100

with the ip table 100 simply directing everything to the wireguard interface.

This is working well, however, I would like to make it more restrictive, and have only the traffic from a specific network lan3 to be directed to use this ip table.

So basically, I would like these rules to be instead:

10000:	from iif br-lan3 lookup 100 
20000:	from all to iif br-lan3 lookup 100

How can I do that?

Disable route_allowed_IPs and add the routes manually. Or use the firewall to restrict access.