Excluding non-contiguous IP blocks from load balancing?

Hey, I am using VyOS 1.5 rolling releases. I have multiple WANs and I use the built-in load balancing feature for failover. Load balancing rules are applied before route policies, so I have to exclude all the traffic that’ll be managed by a route policy from the load balancer subsystem.

How do I do this for a large number of distinct/non-contiguous addresses (on the source or destination side)?

Can you add addresses into an address group, and apply policy to that group?

That’s the issue, the current LB interface does not let me pick any group. :confused:

Here is what my config looks like for now:

 wan {
     disable-source-nat
     enable-local-traffic
     flush-connections
     interface-health eth1 {
         nexthop 100.0.0.1
         test 1 {
             resp-time 2
             target 1.0.0.1
             ttl-limit 64
             type ping
         }
     }
     interface-health pppoe0 {
         failure-count 2
         nexthop 100.64.0.1
         test 1 {
             resp-time 2
             target 1.0.0.1
             ttl-limit 64
             type ping
         }
     }
     rule 1 {
         description "Exclude LAN traffic"
         destination {
             address 10.0.0.0/8
         }
         exclude
         inbound-interface br0+
         protocol all
         source {
             address 0.0.0.0/0
         }
     }
     rule 2 {
         description "Exclude traffic to 5g modem"
         destination {
             address 192.168.8.0/24
         }
         exclude
         inbound-interface br0+
         protocol all
         source {
             address 0.0.0.0/0
         }
     }
     rule 3 {
         description "Exclude Fiber Modem traffic"
         destination {
             address 192.168.1.0/24
         }
         exclude
         inbound-interface br0+
         protocol all
         source {
             address 0.0.0.0/0
         }
     }
     rule 4 {
         description "Exclude outgoing DNS traffic"
         destination {
             port 53
         }
         exclude
         inbound-interface br0+
         protocol udp
         source {
             address 0.0.0.0/0
         }
     }
     rule 5 {
         description "Exclude outgoing DNS traffic"
         destination {
             port 53
         }
         exclude
         inbound-interface br0+
         protocol tcp
         source {
             address 0.0.0.0/0
         }
     }
     rule 6 {
         description "Exclude WAN4 traffic"
         destination {
             address 0.0.0.0/0
         }
         exclude
         inbound-interface br0+
         source {
             address 10.0.50.21
         }
     }
     rule 7 {
         description "Exclude HZ traffic"
         destination {
             address 23.227.38.0/24
         }
         exclude
         inbound-interface br0+
     }
     rule 9 {
         description WAN1_ONLY
         exclude
         inbound-interface br0.150
         protocol all
         source {
             address 10.0.150.0/24
         }
     }
     rule 10 {
         description WAN2_ONLY
         exclude
         inbound-interface br0.160
         protocol all
         source {
             address 10.0.160.0/24
         }
     }
     rule 11 {
         description WAN1_WAN2_FAILOVER
         failover
         inbound-interface br0+
         interface eth1 {
             weight 1
         }
         interface pppoe0 {
             weight 2
         }
         protocol all
         source {
             address 0.0.0.0/0
         }
     }
     sticky-connections {
         inbound
     }
 }
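As an added example (not from this thread and not VyOS's own tooling), a POSIX shell generator that emits one exclude rule per address or prefix in the same shape as rules 1 to 3 above, so a long non-contiguous list can be pasted into `configure` instead of being typed rule by rule. The starting rule number, the `br0+` inbound interface, the `set load-balancing wan rule` command path and the sample prefixes are assumptions.

```shell
#!/bin/sh
# Added example: generate VyOS WAN load-balancing "exclude" rules, one per
# IPv4 address/prefix, mirroring the rule 1-3 layout from the post.
# Assumed: rule numbers from START upward are free, and the command path
# "set load-balancing wan rule <n> ..." matches the wan { rule N { } } block.

# Validate an IPv4 address or CIDR prefix (a.b.c.d or a.b.c.d/nn).
is_ipv4_cidr() {
    case "$1" in
        */*) ip=${1%/*}; plen=${1#*/} ;;
        *)   ip=$1;      plen=32 ;;
    esac
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# gen_exclude_rules START IFACE SIDE PREFIX...
# SIDE is "destination" or "source". Prints "set ..." lines to stdout and
# skips (with a warning) anything that is not a valid IPv4 address/prefix.
gen_exclude_rules() {
    start=$1; iface=$2; side=$3; shift 3
    case "$side" in source|destination) ;;
        *) echo "bad side: $side (use source|destination)" >&2; return 1 ;;
    esac
    n=$start
    for cidr in "$@"; do
        if ! is_ipv4_cidr "$cidr"; then
            echo "skipping invalid prefix: $cidr" >&2
            continue
        fi
        p="set load-balancing wan rule $n"
        echo "$p description \"Exclude $side $cidr\""
        echo "$p exclude"
        echo "$p inbound-interface $iface"
        echo "$p protocol all"
        echo "$p $side address $cidr"
        n=$((n + 1))
    done
}

# Constructed sample list of non-contiguous prefixes (documentation ranges).
gen_exclude_rules 20 'br0+' destination 203.0.113.0/24 198.51.100.7 192.0.2.128/25
```

Run it, then paste the output after `configure` and finish with `commit`; rule numbers are allocated sequentially from START, so pick a range above the rules you already have.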

Anyway, this is all moot now. I’ll be removing the load balancing config completely and rolling out my own failover config with route policies and connection marks. The current LB system is too disruptive and causing too many problems.