So far we in policy route we have:
vyos@ROCK# set policy route FOO rule 10 set Possible completions: connection-mark Set connection mark dscp Set DSCP (Packet Differentiated Services Codepoint) bits mark Set packet mark table Set the routing table for matched packets tcp-mss Set TCP Maximum Segment Size vrf VRF to forward packet with [edit] vyos@ROCK# set policy route FOO rule 10 set
Apart from set tale, all of these options create rules in nftables.
Since it's a firewall capability, we need to extend packet modification capabilities to regular firewall rules.