Wireguard kill switch setup multiple vlans only some use wireguard

[pasha-19]

Using the following instructions I have gotten wireguard working without a kill switch.

https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html

The instructions in step 11 indicate "There are a couple of ways to avoid this, one of which is outlined here".  My understanding which may be wrong is that the creation of the WAN rule may be too general for my case.  I have multiple vlans several (a subset) of which utilize the wireguard gateway for outbound traffic and others do not.  Changing the firewall rules for each the participating vlans that use the wireguard interface makes sense and I believe is appropriate as written (and I believe understand how to do that).  However the second WAN rule to be added (I probably only need one.) has me concerned I have a feeling that I somehow need to restrict it to only the traffic that was allowed on the wireguard gateway.  Since there is an outbound NAT for that gateway created in Step 9.  Do I need to include an address like the outbound wireguard IP in the WAN rule or do I need to include a list of the specific vlan networks that utilize the wireguard gateway and which address are they (probably the source IP address for the outbound side of the traffic) in the required WAN rule?