Here it goes
(Just to remember some context, I applied this modification to the wireguards configurations)
: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
inet 192.168.1.73/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
valid_lft 2599sec preferred_lft 2149sec
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
inet 10.122.89.1/24 scope global wg0
valid_lft forever preferred_lft forever
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
7: veth4cfdde5@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link-netnsid 0
inet 169.254.177.113/16 brd 169.254.255.255 scope global noprefixroute veth4cfdde5
valid_lft forever preferred_lft forever
12: surfshark-01: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
inet 10.14.0.2/16 scope global surfshark-01
valid_lft forever preferred_lft forever
default dev surfshark-01 table 51820 scope link
default via 192.168.1.254 dev eth0 proto dhcp src 192.168.1.73 metric 202
10.14.0.0/16 dev surfshark-01 proto kernel scope link src 10.14.0.2
10.122.89.0/24 dev wg0 proto kernel scope link src 10.122.89.1
169.254.0.0/16 dev veth4cfdde5 scope link src 169.254.177.113 metric 207
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.73 metric 202
local 10.14.0.2 dev surfshark-01 table local proto kernel scope host src 10.14.0.2
broadcast 10.14.255.255 dev surfshark-01 table local proto kernel scope link src 10.14.0.2
local 10.122.89.1 dev wg0 table local proto kernel scope host src 10.122.89.1
broadcast 10.122.89.255 dev wg0 table local proto kernel scope link src 10.122.89.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 169.254.177.113 dev veth4cfdde5 table local proto kernel scope host src 169.254.177.113
broadcast 169.254.255.255 dev veth4cfdde5 table local proto kernel scope link src 169.254.177.113
local 172.17.0.1 dev docker0 table local proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 table local proto kernel scope link src 172.17.0.1
local 192.168.1.73 dev eth0 table local proto kernel scope host src 192.168.1.73
broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src 192.168.1.73
0: from all lookup local
32764: from all lookup main suppress_prefixlength 0
32765: not from all fwmark 0xca6c lookup 51820
32766: from all lookup main
32767: from all lookup default
# Generated by iptables-save v1.8.7 on Mon Dec 4 15:17:56 2023
*mangle
:PREROUTING ACCEPT [2807112:946469024]
:INPUT ACCEPT [2799965:945871781]
:FORWARD ACCEPT [7126:594673]
:OUTPUT ACCEPT [2697408:3718693582]
:POSTROUTING ACCEPT [2821917:3730219499]
[1472580:537349285] -A PREROUTING -p udp -m comment --comment "wg-quick(8) rule for surfshark-01" -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
[739376:432313768] -A POSTROUTING -p udp -m mark --mark 0xca6c -m comment --comment "wg-quick(8) rule for surfshark-01" -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT
# Completed on Mon Dec 4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec 4 15:17:56 2023
*raw
:PREROUTING ACCEPT [2807112:946469024]
:OUTPUT ACCEPT [2697408:3718693582]
[0:0] -A PREROUTING -d 10.14.0.2/32 ! -i surfshark-01 -m addrtype ! --src-type LOCAL -m comment --comment "wg-quick(8) rule for surfshark-01" -j DROP
COMMIT
# Completed on Mon Dec 4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec 4 15:17:56 2023
*filter
:INPUT ACCEPT [2600836:870400629]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2697408:3718693582]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[196534:75283212] -A INPUT -i eth0 -p udp -m udp --dport 51821 -m comment --comment wireguard-input-rule -j ACCEPT
[2595:187940] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 51820 -m comment --comment wireguard-input-rule -j ACCEPT
[0:0] -A INPUT -i wg0 -p udp -m udp --dport 53 -m comment --comment pihole-DNS-rule -j ACCEPT
[7126:594673] -A FORWARD -j DOCKER-USER
[7126:594673] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[52:39572] -A FORWARD -d 10.122.89.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[52:5313] -A FORWARD -s 10.122.89.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -d 10.37.120.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.37.120.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -d 10.180.139.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.180.139.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD ! -d 192.168.0.0/24 -o eth0 -j REJECT --reject-with icmp-port-unreachable
[7022:549788] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD ! -d 192.168.0.0/24 -o eth0 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j REJECT --reject-with icmp-port-unreachable
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[7126:594673] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[7126:594673] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Mon Dec 4 15:17:56 2023
# Generated by iptables-save v1.8.7 on Mon Dec 4 15:17:56 2023
*nat
:PREROUTING ACCEPT [22319:3933944]
:INPUT ACCEPT [21129:3820056]
:OUTPUT ACCEPT [311760:42143306]
:POSTROUTING ACCEPT [238479:31099589]
:DOCKER - [0:0]
[17127:2762741] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[37519:12565678] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[7835:2646828] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[25:1508] -A POSTROUTING -s 10.122.89.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -s 10.37.120.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -s 10.120.17.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[66609:8508653] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -o vpn-client -j MASQUERADE
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -o vpn-client -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 9002 -j DNAT --to-destination 172.17.0.2:9000
COMMIT
# Completed on Mon Dec 4 15:17:56 2023