@xeptore
Last active October 26, 2024 06:42
Uncommon WireGuard setup
[Interface]
Address = ADDR
PrivateKey = KEY
# DNS = DNS # Set DNS on middle clients instead as setting it here might interfere with server config.
MTU = 1280
Table = 333
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE

[Peer]
PublicKey = PUB
AllowedIPs = 0.0.0.0/0
Endpoint = ADDR
#PersistentKeepalive = 10

[Interface]
PrivateKey = PRV
Address = 10.0.0.1/24
ListenPort = 51820
MTU = 1280
PostUp = rules.sh %i up
PreDown = rules.sh %i down
PostUp = iptables -A FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
PreDown = iptables -D FORWARD -o %i -m state --state RELATED,ESTABLISHED -j ACCEPT
# Peers come here
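
#!/bin/bash
# rules.sh <iface> <up|down>
# Adds or removes the policy-routing rules that pick a routing table
# by source prefix for traffic arriving on <iface>.

# Source prefix -> routing table id.
# Bash iterates associative arrays in no guaranteed order, so the order
# in which the overlapping prefixes below are added is not fixed here.
declare -A ips
ips["10.3.3.0/24"]="334"
ips["10.3.3.2/31"]="333"
ips["10.3.3.9/32"]="333"
ips["10.3.3.10/32"]="332"
ips["10.3.3.11/32"]="331"

if [ "$#" -ne 2 ]; then
    echo "Usage: $0 <iface> <up|down>"
    exit 1
fi

iface=$1
action=$2

if [[ "$action" != "up" && "$action" != "down" ]]; then
    echo "Invalid action. Use 'down' or 'up'."
    exit 1
fi

# Each command runs in a subshell with tracing on; a failure (for example
# a rule that already exists or is already gone) does not stop the loop.
if [ "$action" == "up" ]; then
    for k in "${!ips[@]}"; do
        (
            set -x
            ip rule add from "$k" iif "$iface" lookup "${ips[$k]}";
        ) || true
    done
elif [ "$action" == "down" ]; then
    for k in "${!ips[@]}"; do
        (
            set -x
            ip rule del from "$k" iif "$iface" lookup "${ips[$k]}";
        ) || true
    done
fi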
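
The script above adds its rules without an explicit priority while walking a bash associative array, and the kernel evaluates rules by priority rather than by prefix length, so which of the overlapping entries (10.3.3.0/24 versus the /31 and /32s) matches first depends on the order they happen to be added in. The following added example (not part of the gist) prints the same rules with explicit priorities, longest prefix first; the base priority 1000, the default interface wg0 and the function name gen_rules are assumptions.

```sh
# Added example (not from the gist): print the rules.sh policy rules with
# explicit priorities so overlapping prefixes resolve most-specific-first.
# RULE_MAP reuses the prefixes and table ids from rules.sh; BASE_PRIO and
# the default interface wg0 are assumed values.
RULE_MAP='10.3.3.0/24 334
10.3.3.2/31 333
10.3.3.9/32 333
10.3.3.10/32 332
10.3.3.11/32 331'
BASE_PRIO=1000

# gen_rules <iface> <up|down>: print one "ip rule" command per map entry.
gen_rules() {
    iface=$1
    case $2 in
        up) verb=add ;;
        down) verb=del ;;
        *) echo "Usage: gen_rules <iface> <up|down>" >&2; return 1 ;;
    esac
    # The name is interpolated into commands, so allow a safe charset only.
    case $iface in
        '' | *[!A-Za-z0-9_.-]*) echo "Invalid interface name." >&2; return 1 ;;
    esac
    # Prefix each entry with its mask length, then sort longest mask first
    # (ties by prefix text) so the numbering is reproducible across runs.
    printf '%s\n' "$RULE_MAP" |
        awk '{ split($1, p, "/"); print p[2], $1, $2 }' |
        LC_ALL=C sort -k1,1nr -k2,2 |
        awk -v verb="$verb" -v iface="$iface" -v prio="$BASE_PRIO" '{
            printf "ip rule %s from %s iif %s lookup %s priority %d\n",
                   verb, $2, iface, $3, prio + NR - 1
        }'
}

# Print the commands for review; pipe the output to "sh -x" as root to apply.
gen_rules "${1:-wg0}" "${2:-up}"
```

Because "down" emits the same priorities as "up", each delete matches exactly the rule that was added.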