DROP is used, typically, when you don’t want to notify script kiddies there’s an endpoint/server listening on the other end. It also saves a touch of CPU performance, bandwidth as it doesn’t send back the response of REJECT.
It looks like 10.0.0.5 is the source IP for the WG Client connected to the upstream WG Server but my general iptable/firewall writing skills aren’t exactly good.
LuCI → Network → Firewall → Custom Rules is the optimal/proper place to put them but see this seemingly unrelated HOW-TO. There’s a rather important note about custom firewall rules:
Do you refer to this remark?
" If you have custom firewall rules be sure to add /etc/firewall.user too."
Is this something, which has to be done if I want to backup my custom rules or it is something, which must be done in order my custom rules to work at all?
I suppose it depends if you want your custom firewall to work after restoring a backup but I also keep a log of changes to my devices so whatever works best for you.