Look here at my configuration: https://community.ipfire.org/t/ipfire-dmz-network-and-vpn-ipsec/8993
I also put the rule like you in the Ipfire config.
But the packets do not go from the DMZ to Amazon AWS and vice versa.
I don’t understand what’s wrong 
I can see the requests (ICMP in my case) arriving on my firewall but they are not directed to the machines concerned.
Here are the network and IP concerned:
DMZ firewall interface is 192.168.5.1
DMZ machine is: 192.168.5.12
AWS machine is: 172.18.6.12
From my Green interface…I have no problem reaching the AWS network. The problem is just to my DMZ or my Wifi network (Blue).
Should I add a static route ?
I don’t see what route I should put since the firewall knows how to route the traffic to the concerned networks (DMZ, BLUE, GREEN and AWS ipsec).
Any ideas ?