DSCP / TOS mangling for outbound WireGuard UDP packets

Started by TheLinuxGuy, February 27, 2021, 08:17:12 PM

I'm looking to ensure that UDP packets sent outbound to a WireGuard server from OPNsense are tagged with high TOS priority DSCP 46 (voice).

If memory serves me right, I can modify TOS/DSCP when a rule matches on the firewall, BUT I believe OUTBOUND rules are something that OPNsense wouldn't be able to handle for when the WireGuard server is OPNsense itself?

Can someone help validate whether the above is accurate? Any hints on making this possible? A short workaround I can think of is to have another device on the network (not OPNsense) be the WireGuard client and then have OPNsense mark the packet from that client outbound. Ideally, though, OPNsense should be able to do this packet mangling as soon as it leaves the WireGuard binary if it runs on itself.

I think it should work; just mark them and check DSCP with Wireshark.
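
The check suggested in the reply can also be scripted. The following is an added example, not code from either poster or from OPNsense: it reads the DSCP field from raw IP packets (IPv4 TOS byte or IPv6 Traffic Class) and lists tunnel packets that left without the expected mark. Assumptions: packets start at the IP header, the tunnel uses WireGuard's default port 51820 (the thread does not state a port), and the sample packets are constructed for illustration.

```python
import struct

EF = 46           # DSCP the poster wants (Expedited Forwarding); TOS byte 0xB8
WG_PORT = 51820   # assumption: WireGuard's default port, not stated in the thread

def dscp_and_dport(pkt: bytes):
    """Return (dscp, udp_dst_port) for a raw IP packet; port is None if not UDP."""
    version = pkt[0] >> 4
    if version == 4:
        ihl = (pkt[0] & 0x0F) * 4                 # header length, options included
        dscp = pkt[1] >> 2                        # TOS byte = DSCP (6 bits) | ECN (2 bits)
        frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
        is_udp = pkt[9] == 17 and frag_offset == 0  # later fragments carry no UDP header
        l4 = ihl
    elif version == 6:
        tclass = ((pkt[0] & 0x0F) << 4) | (pkt[1] >> 4)  # Traffic Class spans bytes 0-1
        dscp = tclass >> 2
        is_udp = pkt[6] == 17                     # extension headers are not walked
        l4 = 40
    else:
        raise ValueError(f"not an IP packet (version nibble {version})")
    dport = struct.unpack("!H", pkt[l4 + 2:l4 + 4])[0] if is_udp else None
    return dscp, dport

def unmarked(packets, port=WG_PORT, want=EF):
    """(index, dscp) of UDP packets to `port` whose DSCP differs from `want`."""
    parsed = [(i, *dscp_and_dport(p)) for i, p in enumerate(packets)]
    return [(i, d) for i, d, dport in parsed if dport == port and d != want]

def ipv4_udp(tos: int, dport: int) -> bytes:
    """Constructed packet: 20-byte IPv4 header (checksum left 0) + 8-byte UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def ipv6_udp(tclass: int, dport: int) -> bytes:
    """Constructed packet: 40-byte IPv6 header + 8-byte UDP header."""
    first_word = (6 << 28) | (tclass << 20)       # version | traffic class | flow label 0
    ip6 = struct.pack("!IHBB", first_word, 8, 17, 64) + bytes(32)
    return ip6 + struct.pack("!HHHH", 40000, dport, 8, 0)

SAMPLE = [ipv4_udp(0xB8, WG_PORT),   # constructed: marked EF
          ipv4_udp(0x00, WG_PORT),   # constructed: left at best effort
          ipv6_udp(0xB8, WG_PORT),   # constructed: marked EF over IPv6
          ipv4_udp(0x00, 53)]        # constructed: other UDP traffic, ignored

if __name__ == "__main__":
    print(unmarked(SAMPLE))          # packets to the tunnel port without DSCP 46
```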