That makes complete sense. Not sure why I didn't realize that would be the case.
Although I think with some extra IPTables rules you can probably block it from accessing the actual Unraid UI instance and just let it access the WG interface.
Essentially no WG interface -> Unraid internal communications, no?
I've set up a wireguard remote tunneled access on my unraid server, and I've set the Local tunnel firewall to 192.168.1.1/24
However, from my phone I'm still able to access the Unraid UI on http://192.168.1.227:8080 when I'm connected to the WG tunnel
Any ideas?