That’s under Content Blocking > Application Blocking, not a firewall rule.
I think the best way is via DNS proxy and service forwarding whereby and DNS request from devices on your network will get forwarded and proxied by the SOHO to your DNS resolver.
Problem is having it locally hosted doesn’t work as it creates an endless loop it seems. That has been my experience anyways. Unless Peplink has enabled a fix in the firmware for this. It would have to ignore the dns proxy and forwarding if the request is coming from the designated DNS resolver on the LAN.
@MartinLangmaid had suggested putting my PiHole at the time on a spare WAN and setting an outbound policy but I haven’t gotten around to it. I have since moved to NextDNS CLI on my raspberryPi but principle still applies.
You would still want to service forward DNS to proxy in this case to avoid any device on your network from overriding their DNS resolver.
If I recall correctly the SOHO doesn’t have a spare WAN port, but has a USB wan? If so test out with supported USB ethernet adapter and connect the raspberryPi to USB WAN with the adapter. I haven’t tested this though.