اجرای kill switch / network lock روی MikroTik hAP lite
سلام خدمت همه عزیزان
بنده تنظیمات زیر رو روی روتر بوردم انجام دادم و یک l2tp client ساختم
# sep/17/2021 19:44:38 by RouterOS 6.48.4
# software id = 5T91-92CB
#
# model = RouterBOARD 941-2nD
# serial number = 5B320454C9D1
# L2TP client with IPsec enabled; the resulting interface, l2tp-out1, is the
# gateway of the vpn-label routing table defined under /ip route.
# NOTE(review): the IPsec pre-shared key, user and password are exported in
# clear text. If 123456789 is the real pre-shared key rather than a
# placeholder, it is trivially guessable; anything real that was posted
# publicly should be rotated. On RouterOS 6 an export meant for sharing can be
# produced with "hide-sensitive".
# NOTE(review): if connect-to is a DNS name, the router has to resolve it
# while the tunnel is down. The mangle output rules send the router's own
# port-53 traffic into vpn-label, so a kill switch must not block that lookup.
/interface l2tp-client
add connect-to=serveraddress disabled=no ipsec-secret=123456789 \
name=l2tp-out1 password=pass use-ipsec=yes user=user
# Wireless security profiles: "iphone" is used by the uplink interface
# wlan-station, "wifi" by the two virtual interfaces wifi1-ap-bridge1 and
# wifi2-ap-bridge2.
# NOTE(review): both profiles enable legacy WPA next to WPA2 and carry the
# same all-digit key for both. If every client supports WPA2, keeping only
# wpa2-psk reduces exposure. A digits-only key is weak against offline
# guessing, and this one is now public, so it should be changed.
# NOTE(review): management-protection=allowed makes management frame
# protection optional rather than required.
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=iphone \
supplicant-identity="" wpa-pre-shared-key=3130313031300 \
wpa2-pre-shared-key=3130313031300
add authentication-types=wpa-psk,wpa2-psk eap-methods="" \
management-protection=allowed mode=dynamic-keys name=wifi \
supplicant-identity="" wpa-pre-shared-key=3130313031300 \
wpa2-pre-shared-key=3130313031300
# Physical radio wlan1 is renamed to wlan-station and joins the SSID
# "Jacob iphone" on 2437 MHz with the "iphone" security profile. The wireless
# mode is not shown in this export; presumably station, as the name suggests.
# This is the upstream link that the dhcp-client runs on.
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=uzbekistan disabled=\
no frequency=2437 name=wlan-station security-profile=iphone ssid=\
"Jacob iphone"
# Two virtual interfaces on the same radio (master-interface=wlan-station),
# both using the "wifi" profile, with WPS disabled. They serve the
# 192.168.3.0/24 and 192.168.4.0/24 networks configured under /ip address.
add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:F1:7A:BB \
master-interface=wlan-station multicast-buffering=disabled name=\
wifi1-ap-bridge1 security-profile=wifi ssid=wifi1 wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
add disabled=no keepalive-frames=disabled mac-address=4E:5E:0C:F1:7A:BC \
master-interface=wlan-station multicast-buffering=disabled name=\
wifi2-ap-bridge2 security-profile=wifi ssid=wifi2 wds-cost-range=0 \
wds-default-cost=0 wps-mode=disabled
# Four separate /24 networks, one per interface (no bridge):
#   ether1            192.168.1.0/24
#   ether2            192.168.2.0/24   (marked vpn-label in mangle)
#   wifi1-ap-bridge1  192.168.3.0/24
#   wifi2-ap-bridge2  192.168.4.0/24   (marked vpn-label in mangle)
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
add name=dhcp_pool1 ranges=192.168.2.2-192.168.2.254
add name=dhcp_pool2 ranges=192.168.3.2-192.168.3.254
add name=dhcp_pool3 ranges=192.168.4.2-192.168.4.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether1 name=dhcp1
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp2
add address-pool=dhcp_pool2 disabled=no interface=wifi1-ap-bridge1 name=dhcp3
add address-pool=dhcp_pool3 disabled=no interface=wifi2-ap-bridge2 name=dhcp4
/ip address
add address=192.168.1.1/24 interface=ether1 network=192.168.1.0
add address=192.168.2.1/24 interface=ether2 network=192.168.2.0
add address=192.168.3.1/24 interface=wifi1-ap-bridge1 network=192.168.3.0
add address=192.168.4.1/24 interface=wifi2-ap-bridge2 network=192.168.4.0
# The uplink address comes from DHCP on wlan-station, but no default route is
# installed from the lease; the default route is the static one under /ip route.
/ip dhcp-client
add add-default-route=no disabled=no interface=wlan-station
# Every client is handed the router itself as gateway and DNS server, so all
# client name resolution passes through the router's resolver.
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1
add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1
add address=192.168.4.0/24 dns-server=192.168.4.1 gateway=192.168.4.1
# The router acts as a caching resolver for the LAN clients and forwards to
# the listed public servers.
# NOTE(review): this export contains no /ip firewall filter rules, so nothing
# visible here limits port 53 on the input chain to the LAN interfaces. With
# allow-remote-requests=yes the resolver would also answer queries arriving
# on wlan-station; an input rule that accepts DNS only from the LAN side is
# the usual companion to this setting.
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4,4.2.2.4
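# Kill switch for the ether2 network (192.168.2.0/24).
# Without this rule the setup fails open: when l2tp-out1 is down, the
# vpn-label default route becomes inactive and marked packets are looked up in
# the main table, so they leave through 172.20.10.1 outside the tunnel.
# The rule drops every forwarded packet from 192.168.2.0/24 whose outgoing
# interface is not l2tp-out1. Traffic to the router itself (DHCP, DNS on
# 192.168.2.1) uses the input chain and is not affected.
# NOTE(review): 192.168.4.0/24 is also marked vpn-label below; it needs the
# same rule if it should fail closed as well.
# NOTE(review): the router's own DNS lookups (output chain) are not covered
# by this rule, so names queried by LAN clients can still be resolved over the
# plain uplink while the tunnel is down. They are left open on purpose here:
# the L2TP client may need DNS to find its server and reconnect.
/ip firewall filter
add action=drop chain=forward comment="kill switch: 192.168.2.0/24 only via l2tp-out1" \
out-interface=!l2tp-out1 src-address=192.168.2.0/24
# Policy routing: everything sourced from 192.168.2.0/24 and 192.168.4.0/24,
# plus the router's own TCP/UDP port-53 traffic, is given the routing mark
# vpn-label. passthrough=no stops mangle processing at the matching rule.
/ip firewall mangle
add action=mark-routing chain=prerouting new-routing-mark=vpn-label \
passthrough=no src-address=192.168.2.0/24
add action=mark-routing chain=prerouting new-routing-mark=vpn-label \
passthrough=no src-address=192.168.4.0/24
add action=mark-routing chain=output dst-port=53 new-routing-mark=vpn-label \
passthrough=no protocol=tcp
add action=mark-routing chain=output dst-port=53 new-routing-mark=vpn-label \
passthrough=no protocol=udp
# NOTE(review): this masquerade rule has no out-interface, so it applies to
# every outgoing interface, including traffic between the LAN networks.
# Restricting it to the uplink interfaces is the more common form; it is left
# unchanged here.
/ip firewall nat
add action=masquerade chain=srcnat
# vpn-label table: default route through the tunnel.
# main table: default route through the uplink gateway 172.20.10.1.
/ip route
add distance=1 gateway=l2tp-out1 routing-mark=vpn-label
add distance=1 gateway=172.20.10.1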
# Time zone for the system clock.
/system clock
set time-zone-name=Asia/Tehran
# Watchdog timer is switched off; ping-timeout is set to 40s.
/system watchdog
set ping-timeout=40s watchdog-timer=no
قصد دارم سناریویی داشته باشم که در صورت قطع شدن l2tp (به هر دلیلی) کل اینترنت دریافتی از ether2 قطع بشه و به اصطلاح یک kill switch یا network lock داشته باشم.
ممنون میشم اساتید راهنمایی بفرمایند