Hi,
I think you are not either not matching the correct destination or not applied to the interface correctly.
if destination-address is 172.16.1.0/24 then you cannot apply it on the reth 0.0 interface .
I am assuming it as outgoing interface for internet.
Apply this filter to the trust interface as outbound filter and test it.
if NAT is applied , then destination servers will use Natted ip address as the destination so we cannot use match filter as private ip address and apply it to reth0.0 interface.
Regards
rparthi
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too