diff --git a/.gitignore b/.gitignore
index f93a73e..0f9466f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,7 +29,7 @@ override.tf.json
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
-
+.DS_Store
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
diff --git a/main.tf b/main.tf
index b543752..b8fc6dc 100644
--- a/main.tf
+++ b/main.tf
@@ -3,12 +3,12 @@ provider "google" {
 region = var.region
 }
-resource "random_string" "vpc_suffix" {
- length = 4
- lower = true
- upper = false
- special = false
-}
+# resource "random_string" "vpc_suffix" {
+# length = 4
+# lower = true
+# upper = false
+# special = false
+# }
 resource "google_compute_network" "private_vpc" {
 name = var.vpc_name
@@ -44,8 +44,21 @@ resource "google_compute_firewall" "private_vpc_firewall" {
 allow {
 protocol = var.webapp_firewall_protocol
- ports = var.webapp_firewall_protocol_ports
+ ports = var.webapp_firewall_protocol_allow_ports
+ }
+ source_tags = var.webapp_firewall_source_tags
+ target_tags = var.webapp_firewall_target_tags
+}
+
+resource "google_compute_firewall" "private_vpc_firewall1" {
+ name = var.webapp_firewall_ssh
+ network = google_compute_network.private_vpc.name
+
+ deny {
+ protocol = var.webapp_firewall_protocol
+ ports = var.webapp_firewall_protocol_deny_ports
 }
+
 source_tags = var.webapp_firewall_source_tags
 target_tags = var.webapp_firewall_target_tags
 }
diff --git a/variables.tf b/variables.tf
index ef1db8a..dd44a6e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -105,7 +105,15 @@ variable "webapp_firewall_protocol" {
 type = string
 }
-variable "webapp_firewall_protocol_ports" {
+variable "webapp_firewall_ssh" {
+ type = string
+}
+
+variable "webapp_firewall_protocol_allow_ports" {
+ type = list(string)
+}
+
+variable "webapp_firewall_protocol_deny_ports" {
 type = list(string)
 }
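Review bot: The new `private_vpc_firewall1` deny rule and the allow rule above it both omit `priority` and `source_ranges`, so their scope and ordering depend entirely on variable defaults this hunk does not show: a GCE ingress rule with neither `source_ranges` nor `source_tags` matches traffic from any source, and two rules left at the default priority 1000 resolve any port overlap between `webapp_firewall_protocol_allow_ports` and `webapp_firewall_protocol_deny_ports` in favour of the deny. Judging by the name `webapp_firewall_ssh` the deny is presumably meant to close SSH from outside, but a deny keyed only on `source_tags` matches packets from instances carrying those tags, not from the internet — that would need `source_ranges = ["0.0.0.0/0"]` on the deny rule (confirm the intent). I would make the ordering explicit, `priority = 900` on the deny and `priority = 1000` on the allow, and rename the resource to something descriptive such as `private_vpc_firewall_deny_ssh`. The enclosing `private_vpc_firewall` resource starts before this hunk.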
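Review bot: The three new variables carry no `description` and no `validation`, so nothing stops `webapp_firewall_protocol_allow_ports` or `webapp_firewall_protocol_deny_ports` from being applied as an empty list or with a malformed entry — and for a GCE firewall an `allow`/`deny` block with no ports is presumably treated as all ports of that protocol, which for the deny rule would be far wider than intended (confirm against the provider). I would add a one-line `description` to each and a `validation` block on both port lists, e.g. `condition = length(var.webapp_firewall_protocol_deny_ports) > 0 && alltrue([for p in var.webapp_firewall_protocol_deny_ports : can(regex("^[0-9]+(-[0-9]+)?$", p))])`, so a bad value fails at plan time instead of producing a rule with an unexpected scope. `webapp_firewall_ssh` reads like a port but is used in main.tf as the deny rule's name; a name such as `webapp_firewall_deny_rule_name` would make that clear from variables.tf alone.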