WireGuard + qBittorrent leaks some UDP traffic

I am testing a wg+qBittorrent setup according to this manual. The base host is Ubuntu Server 22.04.
The current config uses network_mode: service:wireguard for the qBittorrent container. It is strange, but some UDP traffic leaks from the WireGuard tunnel. I found it because the iptables counters increased. I added logging to see what kind of packets are leaking.

Chain OUTPUT (policy ACCEPT 1201K packets, 104M bytes)
 pkts bytes target     prot opt in     out     source               destination
  949 1043K ACCEPT     0    --  *      *  
  731 79969 LOG        0    --  *      !wg0              mark match ! 0xca6c ADDRTYPE match dst-type !LOCAL LOG flags 0 level 4
  731 79969 REJECT     0    --  *      !wg0              mark match ! 0xca6c ADDRTYPE match dst-type !LOCAL reject-with icmp-port-unreachable

It seems that the leakage affects only UDP packets from port 6881 of qBittorrent. The dmesg messages look like this:
IN= OUT=eth0 SRC= DST= LEN=132 TOS=0x04 PREC=0x00 TTL=64 ID=4715 DF PROTO=UDP SPT=6881 DPT=34116 LEN=112

I do not have any more ideas on how to troubleshoot this. As far as I can see, there are no fwmarks on this traffic (I modified the iptables rules to check this). It seems that the ip rule does not work correctly for such packets.

It seems that I found the cause. By default qBittorrent binds to all interfaces, and the dropped UDP packets originate from the eth0 interface.
I tested with ping -I eth0 from the container and got IN= OUT=eth0 SRC= DST= LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=13769 DF PROTO=ICMP TYPE=8 CODE=0 ID=19 SEQ=11 in dmesg. I still do not have a good answer as to why they are not affected by the ip rule.

# ip rule show
0:	from all lookup local
32764:	from all lookup main suppress_prefixlength 0
32765:	not from all fwmark 0xca6c lookup 51820
32766:	from all lookup main
32767:	from all lookup default
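
One way to summarize what the LOG rule records, grouping logged packets by egress interface, protocol and source port so a leak such as the UDP 6881 traffic stands out. This is an added example, not part of the original post; the sample lines, their addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG format shown above; addresses are
# documentation ranges (RFC 5737), not values from the original post.
SAMPLE_DMESG = """\
[ 101.1] IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=132 TOS=0x04 PREC=0x00 TTL=64 ID=4715 DF PROTO=UDP SPT=6881 DPT=34116 LEN=112
[ 101.9] IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=95 TOS=0x04 PREC=0x00 TTL=64 ID=4716 DF PROTO=UDP SPT=6881 DPT=51413 LEN=75
[ 140.2] IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=13769 DF PROTO=ICMP TYPE=8 CODE=0 ID=19 SEQ=11
[ 150.0] usb 1-1: new high-speed USB device number 2
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    if " OUT=" not in line or "PROTO=" not in line:
        return None  # not a packet log line (other kernel messages)
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN and ID can appear twice; keep the first (the IP header's).
        fields.setdefault(key, value)
    return fields


def summarize_leaks(text, tunnel_if="wg0"):
    """Count logged packets leaving any interface other than tunnel_if,
    keyed by (out interface, protocol, source port or ICMP type)."""
    leaks = Counter()
    for line in text.splitlines():
        f = parse_log_line(line)
        if f is None or f.get("OUT") in ("", tunnel_if):
            continue
        detail = f.get("SPT") or ("type " + f["TYPE"] if "TYPE" in f else "-")
        leaks[(f["OUT"], f["PROTO"], detail)] += 1
    return leaks


if __name__ == "__main__":
    for (out_if, proto, detail), n in summarize_leaks(SAMPLE_DMESG).most_common():
        print(f"{n:4d}  out={out_if}  proto={proto}  src={detail}")
```

On a live host the same functions can be fed the output of dmesg instead of the embedded sample.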