Shorewall 4-interface setup
1 vote, 1 answer, 368 views
I am trying to use shorewall on Arch to manage a setup with 2 local networks and 2 ISP connections. Ultimately I want traffic from local network 1 (192.168.1.0/24 interface enp5s0) to use ISP 1 (76. ... interface enp6s0) and traffic from local 2 (192.168.0.0/24 interface enp7s0) to use ISP 2 (99. ... interface enp3s0). Currently, I can make one or the other work, but not both, depending on which default route comes first:
Output of `ip route ls` with sensitive information redacted:
default via 76.[rd].1 dev enp6s0 src 76.[rd].78 metric 203 mtu 576
default via 99.[rd].1 dev enp3s0 src 99.[rd].190 metric 205
76.[rd].0/24 dev enp6s0 proto kernel scope link src 76.[rd].78 metric 203 mtu 576
76.[rd].78 dev enp6s0 scope link src 76.[rd].78
99.194.48.0/21 dev enp3s0 proto kernel scope link src 99.[rd].190 metric 205
99.[rd].190 dev enp3s0 scope link src 99.[rd].190
192.168.0.0/24 dev enp7s0 proto kernel scope link src 192.168.0.1 metric 204
192.168.1.0/24 dev enp5s0 proto kernel scope link src 192.168.1.1 metric 202
With the above output, local 1 would be able to reach the outside, but local 2 would not. Vice-versa if the first line were gone. I'm pretty sure multiple default routes is a no-no, even with multiple ISPs, but this is how shorewall did it.
Since there was no example for this anywhere, I based it off of shorewall's three-interface example. To avoid making this post insanely long, here are links to pastes of each of the relevant shorewall configs:
- interfaces: http://pastebin.com/u7w3YJdx
- mangle: http://pastebin.com/1X2hrLCZ
- masq: http://pastebin.com/bi9EEtwD
- policy: http://pastebin.com/mBBZQ0wg
- rtrules: http://pastebin.com/ySSLpMWd
- providers: http://pastebin.com/YjDfKZzg
- zones: http://pastebin.com/XVgYz3dn
Shorewall's pages on the matter are unhelpful because the goal in their example is very different from my goal. Any pointers in the right direction would be much appreciated.
Asked by Rogue
(185 rep)
Jun 4, 2016, 11:31 PM
Last activity: Jun 7, 2016, 10:23 PM
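The route selection described in the question, modelled as an added example that is not part of the original post: with only the main table, both LANs pick the lowest-metric default, while per-source rules pointing at per-provider tables split them. The gateway addresses, per-provider tables and rule priorities are constructed assumptions; the interfaces, LAN prefixes and metrics come from the `ip route ls` output above.

```python
import ipaddress

# Constructed gateways (documentation ranges); the post redacts the real ones.
GW1, GW2 = "203.0.113.1", "198.51.100.1"

# Main table as posted: (prefix, device, gateway, metric)
MAIN = [
    ("0.0.0.0/0", "enp6s0", GW1, 203),
    ("0.0.0.0/0", "enp3s0", GW2, 205),
    ("192.168.0.0/24", "enp7s0", None, 204),
    ("192.168.1.0/24", "enp5s0", None, 202),
]
# Hypothetical per-provider tables, each holding exactly one default route.
ISP1 = [("0.0.0.0/0", "enp6s0", GW1, 0)]
ISP2 = [("0.0.0.0/0", "enp3s0", GW2, 0)]

def lookup(table, dst):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in table if dst in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[3]))

def route(rules, src, dst):
    """Walk rules by priority; the first matching rule whose table has a route decides."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if src in ipaddress.ip_network(selector):
            hit = lookup(table, dst)
            if hit:
                return hit[1]  # egress device
    return None

# Situation in the question: only the main table is consulted.
BEFORE = [(32766, "0.0.0.0/0", MAIN)]

# Source-based policy routing, the model of
#   ip rule add from 192.168.1.0/24 lookup <isp1 table>
#   ip rule add from 192.168.0.0/24 lookup <isp2 table>
# The first rule keeps connected (non-default) routes ahead of the providers
# so LAN-to-LAN traffic is not sent out to an ISP.
CONNECTED = [r for r in MAIN if r[0] != "0.0.0.0/0"]
AFTER = [
    (999, "0.0.0.0/0", CONNECTED),
    (1000, "192.168.1.0/24", ISP1),
    (1001, "192.168.0.0/24", ISP2),
    (32766, "0.0.0.0/0", MAIN),
]
```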