No access to Mikrotik (winbox, android etc.) when connected via Wireguard

Hi, I configured Wireguard on my RouterOS. Peers have connection to devices in LAN, but not directly to Mikrotik www, winbox etc. What should I add to firewall to unlock this?
Firewall:

# 2023-09-13 09:02:55 by RouterOS 7.11.2
# software id = DCEF-ADAK
#
# model = C53UiG+5HPaxD2HPaxD
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment=wireguard dst-port=13231 protocol=udp
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment="Raspberry Pi" dst-address=\
    XXX.XXX.XXX.XXX dst-port=80,443 protocol=tcp to-addresses=192.168.88.10
add action=dst-nat chain=dstnat comment=Supla dst-address=XXX.XXX.XXX.XXX \
    dst-port=2015,2016 protocol=tcp to-addresses=192.168.88.10
add action=masquerade chain=srcnat comment="Hairpin NAT" dst-address=\
    192.168.88.10 out-interface-list=LAN protocol=tcp src-address=\
    192.168.88.0/24

Add the wireguard interface to the interface-list LAN (Interfaces->tab “interface list”)

:You should NOT want all mobile user and all LAN user to have full access to router services.
They typically only need access to DNS services and sometimes smart devices to NTP.

However the LAN interface list advice from Larsa is still excellent for both the input and forward chains especially if the MT is the hosting device.

As far as input chain this is better.
/ip firewall address-list { mostly static leases }
add address=admin-IP1 list=Authorized comment=“admin desktop”
add address=admin-IP2 list=Authorized comment=“admin laptop”
add address=admin-IP3 list=Authorized comment=“admin smartphone”
add address=admin-IP4 list=Authorized comment=“admin remote wireguard IP”
/ip firewall filter
{Input Chain}
(default rules to keep)
add action=accept chain=input comment=“defconf: accept established,related,untracked” connection-state=established,related,untracked
add action=drop chain=input comment=“defconf: drop invalid” connection-state=invalid
add action=accept chain=input comment=“defconf: accept ICMP” protocol=icmp
add action=accept chain=input comment=“defconf: accept to local loopback (for CAPsMAN)” dst-address=127.0.0.1
(admin rules)
add action=accept chain=input src-address-list=Authorized
add action=accept chain=input comment=“Allow LAN DNS queries-UDP”
dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment=“Allow LAN DNS queries - TCP”
dst-port=53 in-interface-list=LAN protocol=tcp
add action=drop chain=input comment=“drop all else”

In Firewall I have to add only “add action=accept chain=input src-address-list=Authorized”? This works, but those rules below that (authorized) line is connected with it?

sorry was an error, that line is removed now, leftover from a cut and paste…