Iptables: how to allow forwarding from wireguard NIC only to some IP

Solution 1:

Sure you can, instead of arbitrarily allowing traffic, just make sure it goes to the destination IP you expect:

-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 
-A FORWARD -i wg0 -d 192.168.1.45 -j ACCEPT

As a side note, I wouldn't add and remove rules in the PostUp and PostDown hooks, it isn't useful to remove them when the interface no longer exists as they don't do anything in that case. Just leave them there all the time, it's less error-prone and easier to manage.