router – How can I forcibly block all the Internet traffic that doesn’t go through a VPN to prevent accidental IP leak?

I need to block all the Internet connections that don’t go through a VPN server before they even get the chance to happen. How can I achieve this on Mac OS Big Sur? Mac OS doesn’t seem to have any embedded tools that would allow me to do so (unlike Android, for example). Maybe there’s a router firmware that would allow me to force a VPN-only connection on a specific device (does OpenVRT have such capabilities?)? Anything will do, but router configuration is preferable. I know that in order to prevent an IP-leak I must configure my browser very specifically (Javascript leakage prevention, or use Tor), but that’s irrelevant in my case.