Sat Jul 03, 2021 6:02 pm
QUIC will never connect from source port 443 to your server providing the QUIC connection. No need to put any extra lines into NAT.
So if your WG is accepting other source addresses than 443, then only connection tracking, or internal tracking by the router if it provides the WG, is possible. I don't use WG, but if I remember it well, you have a separate port to connect to in order to set up the connection. Then a new port is used for the WG connection.
If your WG server is not the router but another device in your network, then internal tracking by the router is not possible and only connection tracking is possible.
You have to view this as a stateful firewall: all connections are unique, and if a connection is made that is not known, the firewall will block that connection attempt.
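The stateful-firewall point in the post above, as an added example that is not part of the original post or of any router firmware: a toy model of UDP connection tracking in which an outbound flow creates a tracked entry, an inbound packet is accepted only if it matches a tracked flow in reverse or hits an explicit allow rule for a listen port, and everything else is dropped as an unknown connection. The addresses, the client's ephemeral port, the WireGuard listen port 51820 and all packets are constructed for illustration.

```python
"""Toy connection-tracking filter for UDP (added example, not from the post).

Models the behaviour the post describes: a stateful firewall knows the
flows initiated from inside, lets their replies back in, and blocks any
inbound packet that is neither a reply nor covered by an explicit rule.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = LAN -> WAN, "in" = WAN -> LAN


class StatefulFirewall:
    def __init__(self, accept_inbound_udp_ports=()):
        # 4-tuples (src ip, src port, dst ip, dst port) of flows seen so far.
        # Real conntrack also keys on protocol; this toy handles UDP only.
        self.conntrack = set()
        # Explicit "allow NEW inbound" rules, e.g. a WireGuard listen port
        # (51820 is an assumed value here, not taken from the post).
        self.accept_inbound_udp_ports = set(accept_inbound_udp_ports)

    @staticmethod
    def _key(p):
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse_key(p):
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def filter(self, p: Packet) -> str:
        if p.direction == "out":
            # NEW outbound flow: record it so the reply is recognised.
            self.conntrack.add(self._key(p))
            return "ACCEPT"
        # Inbound: ESTABLISHED if it is the reverse of a tracked flow.
        if self._reverse_key(p) in self.conntrack:
            return "ACCEPT"
        # Inbound NEW: only if an explicit rule allows this listen port;
        # track it so the server's replies out are also known.
        if p.dst_port in self.accept_inbound_udp_ports:
            self.conntrack.add(self._key(p))
            return "ACCEPT"
        # Unknown connection attempt: blocked.
        return "DROP"


def demo():
    """Run constructed packets through the filter and return the verdicts."""
    fw = StatefulFirewall(accept_inbound_udp_ports={51820})

    # LAN client opens a QUIC session to a public server on UDP 443.
    client_quic = Packet("192.168.1.10", 50000, "203.0.113.5", 443, "out")
    # The server's reply comes back from source port 443 to the same tuple.
    quic_reply = Packet("203.0.113.5", 443, "192.168.1.10", 50000, "in")
    # A different host sending from port 443 with no matching outbound flow.
    unsolicited_443 = Packet("198.51.100.9", 443, "192.168.1.10", 50000, "in")
    # A remote WireGuard peer initiating a handshake to the allowed port.
    wg_handshake = Packet("198.51.100.20", 40000, "192.168.1.1", 51820, "in")
    # A probe to a port with no rule and no tracked flow.
    random_probe = Packet("198.51.100.30", 12345, "192.168.1.1", 1194, "in")

    return {
        "client_quic": fw.filter(client_quic),
        "quic_reply": fw.filter(quic_reply),
        "unsolicited_443": fw.filter(unsolicited_443),
        "wg_handshake": fw.filter(wg_handshake),
        "random_probe": fw.filter(random_probe),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} -> {verdict}")
```

The model deliberately distinguishes the two cases the post separates: a reply that matches an existing tracked flow needs no rule at all, while a connection initiated from outside (the WireGuard peer) only gets through because of an explicit accept for that port, which is the rule you would add regardless of whether the WG server is the router itself or a port-forwarded host behind it.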