When both SNAT and an outbound traffic-policy have been configured, translations will happen before traffic policy comes into action. So, if a traffic-policy has been configured to classify traffic according to addresses, that will not work, as traffic-policy will see translated addresses. So very likely all the traffic will end up in its //default// class.
Fortunately there is a solution for it when SNAT is in place and we want to apply a traffic-policy to outbound traffic, it is explained [[ https://blog.vyos.io/using-the-policy-route-and-packet-marking-for-custom-qos-matches | here ]]. However, I have not found a CLI solution for incoming traffic when there is SNAT.
Without SNAt, we do "ingress shaping" by using IFB. [[ https://docs.vyos.io/en/latest/qos.html#the-case-of-ingress-shaping | Here ]] is the explanation.
It is also possible to have successfully have Ingress Shaping with SNAT, it is explained [[ https://wiki.archlinux.org/index.php/advanced_traffic_control#Example_of_ingress_traffic_shaping_with_SNAT | here ]] but I have not found the way to configure it through the CLI. Maybe with conntrack-sync?
It would be nice to have that missing part in order to have a complete QoS solution for the most common scenarios.