I think it could be done without using iRules.
Have network routes and a default route configured first in your network settings.
Have specific network virtual servers (ForwardingIP) for your RFC1918, protocol 'all' and port 'any'.
Have an additional wildcard network virtual server on 0.0.0.0/0 (ForwardingIP), protocol 'all' port 'any' with SNAT AutoMap enabled.
Most specific virtual servers will apply.
Now you should be done.
Don´t forget to enable SNAT for 'All protocols':
tmsh modify ltm global-settings general snat-packet-forward enabled
tmsh save sys config
tmsh run cm config-sync to-group device-group-failover
Otherwise your PINGs to the outside world will not be SNATed.