Routes from should not use device in rule definition.

When using device in rule definition it is used as iif(input interface).

When connection is made to IP maching from, duging looking for return path packet does not have input interface assigned, only source ip.

Because of this behavior we should not add dev to from definitions.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information