:local a 0
/ip fi ma add chain=prerouting action=accept src-address=$"remote-address" protocol=tcp dst-port=3389,445 comment=$"user"
while ($a!=60) do ={
:local j [ip fi ma get [find comment=$user] packets]
:delay 10
:local k [ip fi ma get [find comment=$user] packets]
if ($j=$k) do {: set a (a+1)}
if ($j!=$k) do {:set a 0}
}
/ppp secrets disable [find name=$user]
/ppp active remove [find name=$user]
:delay 20
/ppp secrets enable [find name=$user]

Try filtering on the preroute, on the raw tab for the necessary ports, if that doesn't work, I have an idea only a firewall or disabling the default route in the connection settings