diff --git a/routers/white-house/configuration.nix b/routers/white-house/configuration.nix
index 9526f10..ac58372 100644
--- a/routers/white-house/configuration.nix
+++ b/routers/white-house/configuration.nix
@@ -25,6 +25,7 @@ in
     "${inputs.liminix}/modules/vlan"
     "${inputs.liminix}/modules/ssh"
     "${inputs.liminix}/modules/bridge"
+    "${inputs.liminix}/modules/health-check"
     "${modulesPath}/profiles/gateway.nix"
   ];
 
@@ -59,6 +60,35 @@ in
     }
   );
 
+  services.reAddDefaultroute =
+    let
+      threshold = 3;
+      healthCheck = pkgs.writeAshScript "ping-check" { } "ping 1.1.1.1";
+    in
+    pkgs.liminix.services.longrun rec {
+      # dependencies = [ config.services.wan ];
+      name = "hack-default-route";
+      run = ''
+        fails=0
+        while sleep 10 ; do
+          ${healthCheck}
+          if test $? -gt 0; then
+            fails=$(expr $fails + 1)
+          else
+            fails=0
+          fi
+          echo fails $fails/${toString threshold} for ${name}
+          if test "$fails" -gt "${toString threshold}" ; then
+            echo [+] adding default route
+            ${config.services.defaultroute4}/${config.services.defaultroute4.name}/up
+            ${config.services.defaultroute6}/${config.services.defaultroute6.name}/up
+            echo bounced
+            fails=0
+          fi
+        done
+      '';
+    };
+
   profile.gateway = {
     lan = {
       interfaces = with config.hardware.networkInterfaces; [