Also not sure this works, always depending on the vuln your traffic still gets forwarded to the second, and even the application which can still be exploited so not sure defence by depth works here.