
Firewall add mark for outgoing packets
Open, Normal | Public | FEATURE REQUEST

Description

Add marks for outgoing packets.
For example, if I want all traffic destined to host 1.1.1.1 or port 443 to go via ISP2 (eth2) and port 80 via ISP1 (eth0):

set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 description 'ISP1'
set interfaces ethernet eth2 address '192.168.100.150/24'
set interfaces ethernet eth2 description 'ISP2'

set policy local-route rule 10 fwmark '10'
set policy local-route rule 10 set table '10'
set policy local-route rule 20 fwmark '20'
set policy local-route rule 20 set table '20'

set protocols static route 0.0.0.0/0 next-hop 192.168.100.1
set protocols static route 0.0.0.0/0 next-hop 192.168.122.1
set protocols static table 10 route 0.0.0.0/0 next-hop 192.168.100.1
set protocols static table 20 route 0.0.0.0/0 next-hop 192.168.122.1

nft rules (need to check, maybe wrong)

sudo nft add table inet mymark
sudo nft add chain inet mymark output \{type route hook output priority mangle \; policy accept\;\} 
sudo nft add rule inet mymark output ip daddr 1.1.1.1 mark set 10 comment \"Mark outgoing packets destined to host 1.1.1.1\"
sudo nft add rule inet mymark output tcp dport 443 mark set 10 comment \"Mark outgoing packets destined to port 443\"
sudo nft add rule inet mymark output tcp dport 80 mark set 20 comment \"Mark outgoing packets destined to port 80\"

tcpdump on eth2

vyos@r14# sudo tcpdump -ni eth2 host 1.1.1.1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:50:04.735781 IP 192.168.100.150 > 1.1.1.1: ICMP echo request, id 3482, seq 1, length 64
12:50:04.774111 IP 1.1.1.1 > 192.168.100.150: ICMP echo reply, id 3482, seq 1, length 64
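As an added cross-check of the fwmark chain in the description (example code, not part of this task or of VyOS), the script below resolves, for each nft `mark set` rule, which `policy local-route` table and which next-hop the mark ends up selecting. The config and rule text are constructed samples copied from the description; the `udp dport 53` rule with mark 30 is added deliberately to show a mark that no local-route rule picks up.

```python
import re

# Constructed sample: the local-route and table lines from the task
# description (only the lines the resolver reads are kept).
VYOS_CONFIG = """\
set policy local-route rule 10 fwmark '10'
set policy local-route rule 10 set table '10'
set policy local-route rule 20 fwmark '20'
set policy local-route rule 20 set table '20'
set protocols static table 10 route 0.0.0.0/0 next-hop 192.168.100.1
set protocols static table 20 route 0.0.0.0/0 next-hop 192.168.122.1
"""

# Constructed sample: the nft rules from the description in nft -f syntax,
# plus one rule (mark 30) that no local-route rule matches.
NFT_RULES = """\
add rule inet mymark output ip daddr 1.1.1.1 mark set 10
add rule inet mymark output tcp dport 443 mark set 10
add rule inet mymark output tcp dport 80 mark set 20
add rule inet mymark output udp dport 53 mark set 30
"""

def resolve_marks(vyos_config, nft_rules):
    """Map each nft 'mark set' match expression to the next-hop its mark selects.

    A mark set in an output chain of type route makes the kernel re-route the
    packet; 'policy local-route ... fwmark' then chooses the table, and that
    table's default route chooses the gateway. Returns {match: next_hop}, with
    None where the chain is broken (no local-route rule, or table without a route),
    meaning the packet falls back to the main table."""
    rule_mark, rule_table, table_nexthop = {}, {}, {}
    for line in vyos_config.splitlines():
        if m := re.match(r"set policy local-route rule (\d+) fwmark '(\d+)'", line):
            rule_mark[m[1]] = int(m[2])
        elif m := re.match(r"set policy local-route rule (\d+) set table '(\d+)'", line):
            rule_table[m[1]] = m[2]
        elif m := re.match(r"set protocols static table (\d+) route 0\.0\.0\.0/0 next-hop (\S+)", line):
            table_nexthop[m[1]] = m[2]
    mark_table = {rule_mark[r]: rule_table[r] for r in rule_mark if r in rule_table}
    result = {}
    for line in nft_rules.splitlines():
        if m := re.match(r"add rule \S+ \S+ output (.+?) mark set (\d+)", line):
            table = mark_table.get(int(m[2]))
            result[m[1]] = table_nexthop.get(table) if table else None
    return result

if __name__ == "__main__":
    for match, nexthop in resolve_marks(VYOS_CONFIG, NFT_RULES).items():
        print(f"{match:20} -> {nexthop or 'main table (no policy route)'}")
```

The resolved next-hop 192.168.100.1 for `ip daddr 1.1.1.1` agrees with the tcpdump above, where the echo request leaves eth2 sourced from 192.168.100.150.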

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)