How to masquerade from an interface to another on selected destination addresses?

I have a wireguard VPN running to access my local network from outside. I used to use nft but for that server, I use firewalld. Here is my nft command to allow masquerade: PostUp = nft add rule inet POSTROUTING_%i postrouting ip daddr 192.168.1.1/24 masquerade How can I do that with firewalld? The main interface and the VPN interface are both in the public zone.

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s0
  sources: 
  services: cockpit dhcpv6-client nfs samba ssh vnc-server
  ports: 80/tcp 443/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: