When both SNAT and an outbound traffic-policy have been configured, translations will happen before traffic policy comes into action. So, if a traffic-policy has been configured to classify traffic according to addresses, that will not work, as traffic-policy will see translated addresses. So very likely all the traffic will end up in its //default// class.
Fortunately there is a solution for it, it is explained [[ https://blog.vyos.io/using-the-policy-route-and-packet-marking-for-custom-qos-matches | here ]]. And it is done through VyOS CLI.
Without SNAT, there is a solution for "ingress shaping", we do it through an IFB using the VyOS CLI. [[ https://docs.vyos.io/en/latest/qos.html#the-case-of-ingress-shaping | Here ]] is the explanation.
The missing part is a CLI solution for an inbound traffic-policy when there is SNAT. I have not found the way to configure it through CLI.
Maybe is it possible through conntrack-sync?
As it is perfectly possible to successfully have Ingress Shaping with SNAT as explained [[ https://wiki.archlinux.org/index.php/advanced_traffic_control#Example_of_ingress_traffic_shaping_with_SNAT | here ]], it would be nice to fill that CLI gap in order to have a complete QoS solution for the most common scenarios.