bypassing wireguard using firejail

[Sitaram Chamarty]

I am able to bypass the VPN by using firejail (which is a
sandbox program to run untrusted applications).

Below, the IP addresses and domain names are fake but that
should not matter:

    # wg
    interface: wg0
      public key: ....
      private key: (hidden)
      listening port: 59457
      fwmark: 0xca6c

    peer: ....
      endpoint: 11.22.33.44:51820
      allowed ips: 0.0.0.0/0
      latest handshake: 41 seconds ago
      transfer: 35.42 MiB received, 2.74 MiB sent

    $ curl zx2c4.com/ip
    11.22.33.44                 <--- my wg VPN end point IP
    static.44.33.22.11.elided.tld
    curl/7.64.0

    $ firejail --net=wlp2s0 --dns=8.8.8.8 curl zx2c4.com/ip
    55.66.77.88                 <--- my actual external IP
    elided.hostname.myisp.in
    curl/7.64.0

My questions:

1.  I know firejail is suid root, but still... is there any way
    to prevent this from happening, or at least make it less
    trivial?

    I'm OK with a "this is the way it is, if your untrusted app
    is running as root you're already toast" response; just want
    to make sure I'm not missing a bet here.

2.  I guess I don't know as much about Linux networking as I
    *thought* I knew, especially about policy routing, so I am
    feeling a bit lost here.

    I would prefer not to have to learn lots of things about
    policy routing and so on, so I wonder if there is a simple,
    (wireguard-specific, if possible) explanation of how linux
    policy routing and iptables work behind the scenes to direct
    packets when wireguard is in play?

regards
sitaram