diff --git a/README.md b/README.md
index 96e8267a0..469dc5356 100644
--- a/README.md
+++ b/README.md
@@ -214,6 +214,18 @@ module "vpc_cidr_from_ipam" {
 }
 ```
 
+## Disable default route creation for public subnets
+
+Disabling the creation of the default can be used if you want have a default pointing to other gateways than the internet gateway(IGW)
+
+This is useful if you ex. would want to route all traffic through a AWS Network Firewall, but can also be useful for other purposes
+
+You disable the creation by setting the var.public_enable_default_route variable ex.
+
+```hcl
+  public_disable_default_route = false # <= By default it is true to maintain existing behavior
+```
+
 ## Examples
 
 - [Block Public Access](https://github.com/terraform-aws-modules/terraform-aws-vpc/tree/master/examples/block-public-access)
@@ -529,6 +541,7 @@ No modules.
 | [propagate\_public\_route\_tables\_vgw](#input\_propagate\_public\_route\_tables\_vgw) | Should be true if you want route table propagation | `bool` | `false` | no |
 | [public\_acl\_tags](#input\_public\_acl\_tags) | Additional tags for the public subnets network ACL | `map(string)` | `{}` | no |
 | [public\_dedicated\_network\_acl](#input\_public\_dedicated\_network\_acl) | Whether to use dedicated network ACL (not default) and custom rules for public subnets | `bool` | `false` | no |
+| [public\_enable\_default\_route](#input\_public\_enable\_default\_route) | Disable default route to internet gateway for public subnets | `bool` | `true` | no |
 | [public\_inbound\_acl\_rules](#input\_public\_inbound\_acl\_rules) | Public subnets inbound network ACLs | `list(map(string))` |
[| no | | [public\_outbound\_acl\_rules](#input\_public\_outbound\_acl\_rules) | Public subnets outbound network ACLs | `list(map(string))` |
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]
[| no | | [public\_route\_table\_tags](#input\_public\_route\_table\_tags) | Additional tags for the public route tables | `map(string)` | `{}` | no |
diff --git a/main.tf b/main.tf
index 31deb5988..97e43c666 100644
--- a/main.tf
+++ b/main.tf
@@ -202,7 +202,7 @@ resource "aws_route_table_association" "public" {
 }
 
 resource "aws_route" "public_internet_gateway" {
-  count = local.create_public_subnets && var.create_igw ? local.num_public_route_tables : 0
+  count = alltrue([local.create_public_subnets, var.create_igw, var.public_enable_default_route]) ? local.num_public_route_tables : 0
 
   region = var.region
 
@@ -216,7 +216,7 @@ resource "aws_route" "public_internet_gateway" {
 }
 
 resource "aws_route" "public_internet_gateway_ipv6" {
-  count = local.create_public_subnets && var.create_igw && var.enable_ipv6 ? local.num_public_route_tables : 0
+  count = alltrue([local.create_public_subnets, var.create_igw, var.enable_ipv6, var.public_enable_default_route]) ? local.num_public_route_tables : 0
 
   region = var.region
 
diff --git a/variables.tf b/variables.tf
index ea23a3e52..01e33f573 100644
--- a/variables.tf
+++ b/variables.tf
@@ -280,6 +280,12 @@ variable "public_route_table_tags" {
   default = {}
 }
 
+variable "public_enable_default_route" {
+  description = "Disable default route to internet gateway for public subnets"
+  type = bool
+  default = true
+}
+
 ################################################################################
 # Public Network ACLs
 ################################################################################
diff --git a/wrappers/main.tf b/wrappers/main.tf
index bef0c73fc..c303ad233 100644
--- a/wrappers/main.tf
+++ b/wrappers/main.tf
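Review bot: The new gating input is folded into the `count` expression of each route resource separately, so the IPv4 condition in this hunk and the IPv6 condition in the hunk at line 216 can drift apart the next time another input is added to the gate; a single local such as `create_public_default_route = alltrue([local.create_public_subnets, var.create_igw, var.public_enable_default_route])` referenced by both `count` expressions (with `var.enable_ipv6` kept on the IPv6 one) would keep them in step. Flipping the input to false on an existing VPC drives both counts to zero and destroys the existing 0.0.0.0/0 and ::/0 routes while the IGW itself stays created and attached under `var.create_igw`, so public-subnet reachability then depends entirely on whatever route the caller supplies; that is presumably the intent, but it deserves a comment above the resource, e.g. `# No default route to the IGW when var.public_enable_default_route is false; the caller is expected to supply its own (e.g. via a firewall endpoint)`. Both resource bodies continue outside the hunks.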
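Review bot: The description of `public_enable_default_route` is inverted relative to its name and default: the variable defaults to `true`, and in main.tf `true` is what creates the route, yet the text reads "Disable default route to internet gateway for public subnets". Suggest `description = "Whether to create the default route to the internet gateway for public subnets"` here, and the same wording for the README table row, which carries the identical text. The README example in the same commit also uses a name that does not exist in the module (`public_disable_default_route = false`) while its prose refers to `var.public_enable_default_route`; it should be corrected to `public_enable_default_route = false` so the documented knob matches this variable.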
@@ -310,6 +310,7 @@ module "wrapper" {
   propagate_public_route_tables_vgw = try(each.value.propagate_public_route_tables_vgw, var.defaults.propagate_public_route_tables_vgw, false)
   public_acl_tags = try(each.value.public_acl_tags, var.defaults.public_acl_tags, {})
   public_dedicated_network_acl = try(each.value.public_dedicated_network_acl, var.defaults.public_dedicated_network_acl, false)
+  public_enable_default_route = try(each.value.public_enable_default_route, var.defaults.public_enable_default_route, true)
   public_inbound_acl_rules = try(each.value.public_inbound_acl_rules, var.defaults.public_inbound_acl_rules, [
     {
       rule_number = 100
{
"cidr_block": "0.0.0.0/0",
"from_port": 0,
"protocol": "-1",
"rule_action": "allow",
"rule_number": 100,
"to_port": 0
}
]