Well that’s the most probable cause, i.e. the WAN-load-balancing, because just like policy routing it uses iptables -t mangle rules to mark the packets with a given routing table (and this marking happens before the policy routing ones). (Therefore the actual order of your rules doesn’t matter, unless those tables are empty…)
It doesn’t even help if you exclude traffic from the WAN-load-balancing feature, as this “breaks” the policy routing by not letting those packets get marked.
Could you paste the output of sudo iptables -t mangle -S? (If you see any -j ACCEPT before your policy routing rules, then the WAN-load-balancing is causing your issues…)
I’ll point you to a previous post of mine that tackles the issue with WAN-load-balancing and its integration with the rest of VyOS features. (Even if you are not using WAN-load-balancing, the custom script I wrote “fixes” the -j ACCEPT issue.)
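The check suggested above (does an -j ACCEPT rule in the mangle table come before the policy-routing MARK rules?), as an added shell example that is not part of the original post or of VyOS itself. It scans the flat -A listing of iptables -t mangle -S in order; the chain names and addresses in the sample are constructed, not taken from a real router.

```shell
#!/bin/sh
# Constructed sample of `iptables -t mangle -S` output: a load-balancing chain
# that ACCEPTs traffic is reached before the policy-routing MARK rule.
SAMPLE_MANGLE_BAD='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N WLB_PRE
-N PBR_eth0
-A PREROUTING -j WLB_PRE
-A PREROUTING -i eth0 -j PBR_eth0
-A WLB_PRE -s 192.168.1.0/24 -j ACCEPT
-A PBR_eth0 -s 192.168.1.10/32 -j MARK --set-xmark 0x1/0xffffffff'

# Constructed sample where the MARK rule is listed before any ACCEPT.
SAMPLE_MANGLE_OK='-P PREROUTING ACCEPT
-N PBR_eth0
-N WLB_PRE
-A PREROUTING -i eth0 -j PBR_eth0
-A PREROUTING -j WLB_PRE
-A PBR_eth0 -s 192.168.1.10/32 -j MARK --set-xmark 0x1/0xffffffff
-A WLB_PRE -s 192.168.1.0/24 -j ACCEPT'

# Reads an `iptables -S` listing on stdin and prints ACCEPT_BEFORE_MARK if a
# rule with target ACCEPT appears before the first rule with target MARK,
# otherwise OK. Policy (-P) and chain-creation (-N) lines are ignored.
check_mangle_order() {
    awk '
        $1 != "-A" { next }
        {
            target = ""
            for (i = 2; i <= NF; i++) if ($i == "-j") target = $(i + 1)
        }
        target == "MARK" && !seen_mark { seen_mark = 1 }
        target == "ACCEPT" && !seen_mark { bad = 1 }
        END { print (bad ? "ACCEPT_BEFORE_MARK" : "OK") }
    '
}

# Stand-alone demonstration on the constructed samples.
# On a live router you would run: sudo iptables -t mangle -S | check_mangle_order
printf '%s\n' "$SAMPLE_MANGLE_BAD" | check_mangle_order
printf '%s\n' "$SAMPLE_MANGLE_OK" | check_mangle_order
```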