Intro
Your presumption is not fully correct. The fact that the system is using Firewalld doesn't mean that iptables commands is not working... Both (iptables & firewalld) setting the same stuff in relation to the kernel - it is just the option how to set it up. The true is that once you are using firewalld and something is set up utilizing iptables command it is working until firewalld rules are reloaded as this "additional" rules is not known to firewalld - it has not firewalld object representation.
The question is if this is really issue in case of not persistent tunnel - in case of reboot the tunnel is not persistent and during re-establishing the connection all the setting can be set up again so I don't see "runtime state" of the setting as a really issue...
Specifically to the question
Firewalld has --direct switch which is recommended to use as last option (if you don't have any other option how to set up the rule) but it is there... The syntax is the most close to iptables so that is why I am pointing directly this option. In case you want to have the rule persistent you can use also --peristent option but I think in this case it is not wanted.
The syntax in general is :
firewall-cmd --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>
default table is filter so in case you are using iptables without -t option you are working with table filter.
iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
would correspond with
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
As you can see the difference is "only" in the beginning in the way how to say where the rule would be added. The <args>
part is the same as in case of iptables command.
I hope this example will be sufficient for you to be able to rewrite any rule(s) into firewalld syntax. Good luck!
-------- edit : adding -D "alternative" ----------
iptables -D OUTPUT ...
correspond with
firewall-cmd --direct --remove-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>