Hi. I am a new Brume 2 (and novice networking) user and I am using it as my main router with my Google Nest Wifi set up in bridge mode. I too have two devices (my Android TV’s) set up to use Wireguard VPN full time, with my other devices on regular Internet.
I set the VPN to use the Policy Mode “Based on Client Device” indicated above. You cannot currently set the Global Policy to block non-VPN traffic as normal traffic will not get through (regardless of whether they are excluded/included via policy). Instead, I have a kill-switch for those MAC addresses using custom firewall rules in Luci.