Wireguard Clients isolation

This will block traffic between clients:
ip6tables -I FORWARD -i wg0 -o wg0 -j REJECT --reject-with icmp6-adm-prohibited
iptables -I FORWARD -i wg0 -o wg0 -j REJECT --reject-with icmp-admin-prohibited

To disable isolation for single client:
iptables -I FORWARD -i wg0 -s 10.0.0.3/32 -d 10.0.0.0/24 -j ACCEPT

10.0.0.3/32 – Single client IP
10.0.0.0/24 – Subnet allow to reach