could it be possible to implement without implementing the proxy mentioned a while back?
right now, if connection to the WireGuard VPN is lost, traffic of apps specified in the AllowedApps config section will go outside the VPN. I think having an option to prevent that from happening as long as the service is still running could be very helpful, to prevent unforeseen leakage.
i just tested it by rebooting my wireguard server and sure enough, my apps had no internet connection during the reboot process, and once the server was back up, it was automatically restored. seems to work perfectly!