You did change the IP addresses from the example?
Can you share your config: /export hide-sensitive file=anynameyoulike
There it is. I just tried it without Allowed Address and with 0.0.0.0/0 because I just wanted to see something happen. The local Gateway is behind triple NAT so the IP is Wurscht.
# jan/25/2022 15:22:46 by RouterOS 7.1.1
# software id =
#
# Rename the first Ethernet port so later sections can refer to it as the WAN uplink.
/interface ethernet
set [ find default-name=ether1 ] disable-running-check=no name=ether1_WAN
# WireGuard interface listening on UDP 13231. The private key does not appear
# here; the export was requested with hide-sensitive.
# NOTE(review): this export contains no /ip address section, so no tunnel
# address is assigned to wireguard1 in what is shown - confirm on the router.
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/disk
set slot1 disabled=no
set slot1-part1 disabled=no
# Interface list used by the firewall's in-interface-list=WAN match.
/interface list
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/port
set 0 name=serial0
set 1 name=serial1
/interface list member
add interface=ether1_WAN list=WAN
# Single WireGuard peer. allowed-address limits which source addresses are
# accepted from this peer through the tunnel (here 192.168.88.0/24).
# The public key is not a secret; only the private key is.
# NOTE(review): endpoint-port is set but no endpoint-address appears. If it is
# really unset (and not just omitted from the paste), this router can only
# answer handshakes that the peer initiates - confirm.
/interface wireguard peers
add allowed-address=192.168.88.0/24 endpoint-port=13231 interface=wireguard1 \
public-key="tEO6OXhdlSvVUTumRFve6uZKufPGWC4GJeA0M8hCxgA="
# MikroTik cloud DDNS is switched on for this router.
/ip cloud
set ddns-enabled=yes
# The WAN port takes its address from DHCP.
/ip dhcp-client
add interface=ether1_WAN
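# Firewall filter rules. RouterOS evaluates each chain top to bottom and stops
# at the first terminating action (accept/drop), so rule order is significant.
#
# Change from the posted export: the SSH/WinBox brute-force stage rules were
# listed after both the "WinBox, SSH ACCEPT" rule and the unconditional
# "drop chain=input", so no packet could ever reach them. They now sit ahead
# of the accept rule. Relative order inside the forward and output chains is
# unchanged.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment="established, related" \
connection-state=established,related
add action=drop chain=input comment="drop invalid" connection-state=invalid
add action=accept chain=input comment=ICMP protocol=icmp
# Brute-force ladder for management ports 22 (SSH) and 8291 (WinBox).
# Blacklisted sources are dropped first; each further rule promotes a source
# one stage when it opens another new connection while still in the previous
# stage's 1-minute list. The fourth new connection within those windows lands
# the source in ssh_blacklist for 1w3d.
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22,8291 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=\
22,8291 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=22,8291 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22,8291 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22,8291 \
protocol=tcp
# NOTE(review): this accepts WinBox and SSH from any source address and any
# interface, WAN included. Consider limiting it to a management source list
# or to the tunnel interface once the VPN works.
add action=accept chain=input comment="WinBox, SSH ACCEPT" dst-port=8291,22 \
protocol=tcp
# UDP 13231 is the listen-port configured on wireguard1.
add action=accept chain=input dst-port=13231 protocol=udp
# Default deny for everything else addressed to the router.
add action=drop chain=input
# --- forward chain: traffic routed through the router ---
add action=fasttrack-connection chain=forward comment=fasttrack \
connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="established, related, untracked" \
connection-state=established,related,untracked
add action=drop chain=forward comment="drop invalid" connection-state=invalid
add action=drop chain=forward comment="Drop not DSTNATED" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="drop ssh brute downstream" dst-port=\
22,8291 protocol=tcp src-address-list=ssh_blacklist
# --- output chain: traffic generated by the router ---
# These two rules watch outgoing FTP "530 Login incorrect" replies and add the
# destination to the "blacklist" address list once the dst-limit is exceeded.
# NOTE(review): the ftp service is disabled under /ip service in this export
# and no rule shown here drops traffic from "blacklist", so these two rules
# currently have no protective effect.
add action=accept chain=output content="530 Login incorrect" dst-limit=\
1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
protocol=tcp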
# Management services switched off: telnet, ftp, www, api and api-ssl.
# NOTE(review): winbox and ssh are not listed, so they are presumably still at
# their defaults (enabled); the input chain accepts TCP 8291 and 22 for them.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# Router hostname.
/system identity
set name=CHR