Fw4 rule negation IP

I have a REDIRECT rule that redirects all DNS (tcp/udp port 53) from anywhere to the router's dnsmasq. This forces any device to use my DNS instead of any other DNS out there. (Yeah, I know there is DoT and DoH, but that's not in the scope of this question.)
The problem is that I have one single device on my network that I want to be able to talk to any upstream DNS, so I would like to bypass the redirection rule for that device.

This is my rule right now:

config redirect                    
        option target 'DNAT'       
        option src 'lan'           
        option dest_port '53'      
        option src_dport '53'           
        list proto 'tcp'      
        list proto 'udp'      
        option dest 'wan'            
        option name 'redirect-dns-from-lan'

Is there a way to use something like:

config redirect                    
        option target 'DNAT'       
        option src 'lan'           
        option dest_port '53'      
        option src_dport '53'           
        list proto 'tcp'      
        list proto 'udp'      
        option dest 'wan'            
        option name 'redirect-dns-from-lan'
        option src_ip '!192.168.254.123'   --> everything except 192.168.254.123

That should work, although src_mac can be more convenient, e.g. in a dual-stack setup.

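A worked version of the two variants discussed above, the `src_ip` negation from the question and the `src_mac` alternative from the answer, as an added example that is not part of the original thread. It assumes OpenWrt 22.03 or later (fw4), a LAN of 192.168.254.0/24, and uses 192.168.254.123 and aa:bb:cc:dd:ee:ff as placeholder address and MAC for the exempted host; the function and variable names are my own.

```sh
#!/bin/sh
# Added example, not from the original thread. Assumes OpenWrt 22.03+ (fw4);
# 192.168.254.123 and aa:bb:cc:dd:ee:ff are placeholders for the one host
# that is allowed to reach any upstream resolver.

# Print an /etc/config/firewall stanza for the forced-DNS redirect that
# exempts one host. $1 is "ip" or "mac", $2 the address to exempt.
# fw4 negates a match whose value starts with '!'. With "ip" only the
# host's IPv4 traffic is exempted (give it a static lease so the address
# does not change); with "mac" the exemption holds for v4 and v6 alike.
dns_redirect_stanza() {
    case "$1" in
        ip)  match=src_ip ;;
        mac) match=src_mac ;;
        *)   echo "usage: dns_redirect_stanza ip|mac ADDRESS" >&2; return 1 ;;
    esac
    cat <<EOF
config redirect
	option name 'redirect-dns-from-lan'
	option target 'DNAT'
	option src 'lan'
	option src_dport '53'
	option dest 'wan'
	option dest_port '53'
	list proto 'tcp'
	list proto 'udp'
	option $match '!$2'
EOF
}

# Install the stanza on the router: drop the existing anonymous rule with the
# same name, append the new one, reload fw4 and show the generated nft rule.
# Does nothing on a machine without fw4 (e.g. when run off the router).
apply_dns_redirect() {
    command -v fw4 >/dev/null 2>&1 || { echo "fw4 not found; nothing applied" >&2; return 1; }
    old=$(uci show firewall | sed -n "s/^firewall\.\(@redirect\[[0-9]*\]\)\.name='redirect-dns-from-lan'$/\1/p")
    [ -n "$old" ] && uci delete "firewall.$old" && uci commit firewall
    dns_redirect_stanza "$1" "$2" >> /etc/config/firewall
    fw4 reload
    # The negation shows up as 'ip saddr != ...' or 'ether saddr != ...' here.
    nft list chain inet fw4 dstnat_lan | grep -F 'redirect-dns-from-lan'
}

# Stand-alone run: print the IP-negation variant from the question.
dns_redirect_stanza ip 192.168.254.123
```

On the router, `apply_dns_redirect mac aa:bb:cc:dd:ee:ff` (or `apply_dns_redirect ip 192.168.254.123`) replaces the rule and prints the resulting nftables line; `fw4 print` shows the whole generated ruleset if you want to compare before and after. The exempted host's port-53 traffic then simply follows the normal lan-to-wan forwarding and masquerade, so no extra `rule` section is needed for it.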