Restrict Wireguard LAN access to single IP address

I have the following setup

  • ISP router 10.1.10.1
  • GL inet ar-300m connected to main router using WAN port (Should i use LAN?) 10.1.10.2
  • Computer 10.1.10.5

Wireguard clients:
10.0.0.2
10.0.0.3

I’d like that the clients that connect via wireguard can only access the Computer (10.1.10.5) and not the rest of the devices on the lan network. How can I achieve this?

Right now i’m using “AllowedIPs = 10.1.10.5/32” on the “client” side peer, this works but of course the client can modify the config file and access other LAN devices.

Searching on this forum I found this configuration:

That allows to block a specific address for a client. I would like to do exactly the opposite, only allow access to a specific address for a client.

Thank you.