I’ve done similar test, and it seems to be working as expected.
While doing curl/wget, you can do tcpdump in outgoing interface, and see if connection is being routed properly, and if response is received properly.
For example, this is a tcpdump:
vyos@vyos# sudo tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
16:48:50.527677 IP 10.1.1.2.55946 > 142.250.79.164.https: Flags [S], seq 1209830650, win 64240, options [mss 1460,sackOK,TS val 2382374897 ecr 0,nop,wscale 5], length 0
16:48:50.559336 IP 142.250.79.164.https > 10.1.1.2.55946: Flags [S.], seq 930274370, ack 1209830651, win 65535, options [mss 1412,sackOK,TS val 2232838053 ecr 2382374897,nop,wscale 8], length 0
16:48:50.560484 IP 10.1.1.2.55946 > 142.250.79.164.https: Flags [.], ack 1, win 2008, options [nop,nop,TS val 2382374930 ecr 2232838053], length 0
16:48:50.563003 IP 10.1.1.2.55946 > 142.250.79.164.https: Flags [P.], seq 1:518, ack 1, win 2008, options [nop,nop,TS val 2382374933 ecr 2232838053], length 517
16:48:50.594363 IP 142.250.79.164.https > 10.1.1.2.55946: Flags [.], ack 518, win 261, options [nop,nop,TS val 2232838088 ecr 2382374933], length 0
16:48:50.616005 IP 142.250.79.164.https > 10.1.1.2.55946: Flags [.], seq 1:1401, ack 518, win 261, options [nop,nop,TS val 2232838110 ecr 2382374933], length 1400
16:48:50.616005 IP 142.250.79.164.https > 10.1.1.2.55946: Flags [.], seq 1401:2801, ack 518, win 261, options [nop,nop,TS val 2232838110 ecr 2382374933], length 1400
Relevant config for reference:
vyos@vyos:~$ show config comm | grep policy
set interfaces ethernet eth3 policy route 'HTTPS-FILTER' # eth3 is LAN interface, where linux host is located
set policy route HTTPS-FILTER rule 10 destination address '0.0.0.0/0'
set policy route HTTPS-FILTER rule 10 destination port 'https'
set policy route HTTPS-FILTER rule 10 protocol 'tcp'
set policy route HTTPS-FILTER rule 10 set table '103'
vyos@vyos:~$ show config comm | grep static
set protocols static route 0.0.0.0/0 next-hop 192.168.122.1
set protocols static table 103 route 0.0.0.0/0 next-hop 10.1.1.1
vyos@vyos:~$ show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Description
--------- ---------- --- -----------
eth0 192.168.122.240/24 u/u GRAL WAN
eth1 10.1.1.2/30 u/u HTTPS WAN
eth2 - u/D
eth3 192.168.50.1/24 u/u
lo 127.0.0.1/8 u/u
::1/128
vyos@vyos:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
S>* 0.0.0.0/0 [1/0] via 192.168.122.1, eth0, weight 1, 00:30:42
C>* 10.1.1.0/30 is directly connected, eth1, 00:30:43
C>* 192.168.50.0/24 is directly connected, eth3, 00:30:43
C>* 192.168.122.0/24 is directly connected, eth0, 00:30:43
vyos@vyos:~$ show ip route table 103
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
VRF default table 103:
S>* 0.0.0.0/0 [1/0] via 10.1.1.1, eth1, weight 1, 00:19:04
Also, in lab I have nat source configured