Você precisa usar opções diretas :
[--permanent] --direct --add-rule { ipv4 | ipv6 | eb } table chain priority args
Add a rule with the arguments args to chain chain in table table with priority priority.
firewall-cmd --permanent --direct --add-rule NAT POSTROUTING 0 -o eth0 -j SNAT --to 1.2.3.4
ou
--direct --passthrough { ipv4 | ipv6 | eb } args
Pass a command through to the firewall. args can be all iptables, ip6tables and ebtables command line arguments. This command is untracked, which means that firewalld is not able to provide information about this command later on, also not a listing of the untracked passthoughs.
firewall-cmd --permanent --direct --passthrough -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4