Wireguard connection on VM

HTP.ProXy

New Member
Feb 21, 2025
Hello,

I am using Wireguard to connect to a public VPN server. The tunnel is working fine, but I struggle to block everything to and from the internet that is not routed over the VPN.

Code:
interface: de-fra-wg-001
  public key: QiGPizl37z6zHO/XVvC50tGziBj507Jd3QzIJnHXYDU=
  private key: (hidden)
  listening port: 47664
  fwmark: 0xca6c

peer: HQHCrq4J6bSpdW1fI5hR/bvcrYa6HgGgwaa5ZY749ik=
  endpoint: x.x.x.x:51820
  allowed ips: 0.0.0.0/0, ::/0
  latest handshake: 1 minute, 26 seconds ago
  transfer: 4.71 MiB received, 3.16 MiB sent

I thought it should be possible to block everything that is not using the interface 'de-fra-wg-001', but to my surprise everything is still allowed, even when the VPN is not connected.

This is my nftables.conf:

Code:
#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        ip saddr 127.0.0.1 accept
        ip daddr 127.0.0.1 accept

        ip saddr 192.168.0.0/16 accept
        ip daddr 192.168.0.0/16 accept

        ip saddr 172.17.0.0/16 accept
        ip daddr 172.17.0.0/16 accept

        iifname "de-fra-wg-001" accept

        ct state established accept

        drop
    }
    chain forward {
        type filter hook forward priority filter;
    }
    chain output {
        #type filter hook output priority filter;
        type filter hook output priority 0; policy drop;

        ip saddr 127.0.0.1 accept
        ip daddr 127.0.0.1 accept

        ip saddr 192.168.0.0/16 accept
        ip daddr 192.168.0.0/16 accept

        ip saddr 172.17.0.0/16 accept
        ip daddr 172.17.0.0/16 accept

        oifname "de-fra-wg-001" accept

        ct state established accept

        drop
    }
}

Does anyone have an idea why the internet is still accessible even after disconnecting from the VPN?

Thank you!
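As an added example (not from the original post or its author), here is a killswitch-style nftables ruleset that decides on the outgoing interface and destination instead of the source address: in the posted output chain, `ip saddr 192.168.0.0/16 accept` matches every packet the VM originates from its LAN address, whatever the destination, so it is accepted before the `oifname` rule is ever evaluated. The example assumes the interface name and fwmark shown by `wg show` in the post (0xca6c), pinned with `FwMark = 0xca6c` in the wg-quick [Interface] section so it does not change between restarts; the two LAN ranges are the ones from the post.

```nft
#!/usr/sbin/nft -f
# Added example: only the WireGuard tunnel, the local network and the
# encrypted WireGuard packets themselves may leave the VM.

flush ruleset

define VPN_IF  = "de-fra-wg-001"   # from the post
define VPN_MARK = 0xca6c           # fwmark from `wg show`; pin it with FwMark= in wg-quick
define LAN = { 192.168.0.0/16, 172.17.0.0/16 }

table inet killswitch {
    chain input {
        type filter hook input priority filter; policy drop;

        iif "lo" accept
        ct state invalid drop
        ct state established,related accept
        iifname $VPN_IF accept
        # LAN hosts may reach the VM only on a non-tunnel interface
        iifname != $VPN_IF ip saddr $LAN accept
    }

    chain forward {
        # nothing is routed through this VM, so drop instead of the default accept
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        type filter hook output priority filter; policy drop;

        oif "lo" accept
        ct state established,related accept
        # plaintext traffic is fine only when it leaves through the tunnel
        oifname $VPN_IF accept
        # the encrypted UDP packets to the endpoint carry the WireGuard fwmark
        meta mark $VPN_MARK udp accept
        # destination-based LAN rule: a packet to an internet address never matches
        ip daddr $LAN accept
        # make leaks visible instead of silent
        log prefix "killswitch-out drop: " drop
    }
}
```

With the tunnel down, `oifname $VPN_IF` cannot match and the marked-UDP rule only passes handshake attempts, so `nft list ruleset` counters and the log prefix show exactly what is being dropped.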