Restrict Wireguard LAN access to single IP address

I have the following setup

  • ISP router
  • GL inet ar-300m connected to main router using WAN port (Should i use LAN?)
  • Computer

Wireguard clients:

I’d like that the clients that connect via wireguard can only access the Computer ( and not the rest of the devices on the lan network. How can I achieve this?

Right now i’m using “AllowedIPs =” on the “client” side peer, this works but of course the client can modify the config file and access other LAN devices.

Searching on this forum I found this configuration:

That allows to block a specific address for a client. I would like to do exactly the opposite, only allow access to a specific address for a client.

Thank you.