diff --git a/03-pfsense-network.tf b/03-pfsense-network.tf
index 512db34..f4c83a8 100644
--- a/03-pfsense-network.tf
+++ b/03-pfsense-network.tf
@@ -19,18 +19,87 @@ resource "stackit_network" "lan_network" {
 project_id = var.STACKIT_PROJECT_ID
 name = "lan_network"
 ipv4_nameservers = ["208.67.222.222", "9.9.9.9"]
- ipv4_prefix_length = 24
 routed = true
 }
+resource "stackit_security_group" "sec_group_wan" {
+ project_id = var.STACKIT_PROJECT_ID
+ name = "sec_group"
+ labels = {
+ "key" = "value"
+ }
+}
+
+resource "stackit_security_group_rule" "sec_icmp" {
+ project_id = var.STACKIT_PROJECT_ID
+ security_group_id = stackit_security_group.sec_group_wan.security_group_id
+ direction = "ingress"
+ icmp_parameters = {
+ code = 0
+ type = 8
+ }
+ protocol = {
+ name = "icmp"
+ }
+}
+
+resource "stackit_security_group_rule" "sec_tcp" {
+ project_id = var.STACKIT_PROJECT_ID
+ security_group_id = stackit_security_group.sec_group_wan.security_group_id
+ direction = "ingress"
+ port_range = {
+ max = 443
+ min = 443
+ }
+ protocol = {
+ name = "tcp"
+ }
+}
+
+resource "stackit_security_group" "sec_group_lan" {
+ project_id = var.STACKIT_PROJECT_ID
+ name = "sec_group"
+ labels = {
+ "key" = "value"
+ }
+}
+
+#resource "stackit_security_group_rule" "lan_sec_icmp" {
+# project_id = var.STACKIT_PROJECT_ID
+# security_group_id = stackit_security_group.sec_group_lan.security_group_id
+# direction = "ingress"
+# icmp_parameters = {
+# code = 0
+# type = 8
+# }
+# protocol = {
+# name = "icmp"
+# }
+#}
+
+#resource "stackit_security_group_rule" "lan_sec_tcp" {
+# project_id = var.STACKIT_PROJECT_ID
+# security_group_id = stackit_security_group.sec_group_lan.security_group_id
+# direction = "ingress"
+# port_range = {
+# max = 443
+# min = 443
+# }
+# protocol = {
+# name = "tcp"
+# }
+#}
+
 resource "stackit_network_interface" "nic_wan" {
 project_id = var.STACKIT_PROJECT_ID
 network_id = stackit_network.wan_network.network_id
+ security_group_ids = [stackit_security_group.sec_group_wan.security_group_id]
 }
 resource "stackit_network_interface" "nic_lan" {
 project_id = var.STACKIT_PROJECT_ID
 network_id = stackit_network.lan_network.network_id
+ security_group_ids = [stackit_security_group.sec_group_lan.security_group_id]
 depends_on = [stackit_network_interface.nic_wan]
 }
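Review bot: The `sec_tcp` rule opens TCP/443 ingress on the WAN security group with no `ip_range`, so if the provider treats a missing remote range as "any source" (as it appears to), the pfSense web UI on the WAN interface is reachable from the whole internet; scope it to the administrators' addresses, e.g. add `ip_range = var.ADMIN_CIDR` (a new variable) inside `sec_tcp`, and either do the same for `sec_icmp` or drop the echo rule. Both security groups also carry the identical `name = "sec_group"`, which the API accepts but which makes them indistinguishable in the console and CLI; use `name = "sec_group_wan"` and `name = "sec_group_lan"`. `sec_group_lan` is attached to `nic_lan` with every rule commented out, so whether LAN-side traffic reaches pfSense depends on the platform's default behaviour for a rule-less group — confirm that before relying on it, or add an explicit rule for the LAN range. The `labels = { "key" = "value" }` placeholders should be replaced with meaningful labels or removed.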