set system conntrack ignore ipv4 rule 1 destination address '192.0.2.0/24'
set system conntrack ignore ipv4 rule 1 destination port '500,4500'
set system conntrack ignore ipv4 rule 1 protocol 'udp'
commit

vyos@vyos# commit

Failed to apply configuration: /run/nftables-ct.conf:8:59-61: Error:
Basetype of type internet network service is not bitmask         meta
l4proto udp ip daddr  192.0.2.0/24 th dport  500,4500 counter notrack
comment "ignore-1"
^^^

[[system conntrack]] failed
Commit failed
[edit]
vyos@vyos#

vyos@vyos# set system conntrack ignore ipv4 rule 1 destination port
Possible completions:
   <text>               Named port (any name in /etc/services, e.g., http)
   <1-65535>            Numeric IP port
   start-end            Numbered port range (e.g. 1001-1005)
   None

Multiple destination ports can be specified as a comma-separated list.
The whole list can also be negated using '!'.
For example: '!22,telnet,http,123,1001-1005'

set system conntrack ignore ipv4 rule 1 destination address '192.0.2.0/24'
set system conntrack ignore ipv4 rule 1 destination port '500'
set system conntrack ignore ipv4 rule 1 protocol 'udp'
set system conntrack ignore ipv4 rule 2 destination address '192.0.2.0/24'
set system conntrack ignore ipv4 rule 2 destination port '4500'
set system conntrack ignore ipv4 rule 2 protocol 'udp'

vyos@vyos# set system conntrack ignore ipv4 rule 1 destination address '192.0.2.0/24'
[edit]
vyos@vyos# set system conntrack ignore ipv4 rule 1 destination port '500'
[edit]
vyos@vyos# set system conntrack ignore ipv4 rule 1 protocol 'udp'
[edit]
vyos@vyos# set system conntrack ignore ipv4 rule 2 destination address '192.0.2.0/24'
[edit]
vyos@vyos# set system conntrack ignore ipv4 rule 2 destination port '4500'
[edit]
vyos@vyos# set system conntrack ignore ipv4 rule 2 protocol 'udp'
[edit]
vyos@vyos# commit
[edit]
vyos@vyos#
[edit]