This way would allow breaking IPsec, OpenVPN and all the other services with a user-defined rule which is not what is intended. The chains are also ordered by how likely it is to hit them with things like port-forwardings being least likely to be hit.
I appreciate your comments around this, but there has been so much time spent on making the firewall engine as flexible, fast and of course secure. You have already posted how to solve this with the CUSTOM* chains which I would say is the way to go if you actually must block access to the VPN services.