diff --git a/internal/db/models/http_firewall_policy_dao.go b/internal/db/models/http_firewall_policy_dao.go
index d0beeca4..4594eb1a 100644
--- a/internal/db/models/http_firewall_policy_dao.go
+++ b/internal/db/models/http_firewall_policy_dao.go
@@ -130,6 +130,21 @@ func (this *HTTPFirewallPolicyDAO) CreateFirewallPolicy(tx *dbs.Tx, userId int64
 if len(outboundJSON) > 0 {
 op.Outbound = outboundJSON
 }
+ op.UseLocalFirewall = true
+
+ {
+ synFloodJSON, err := json.Marshal(&firewallconfigs.SYNFloodConfig{
+ IsOn: true,
+ MinAttempts: 10,
+ TimeoutSeconds: 600,
+ IgnoreLocal: true,
+ })
+ if err != nil {
+ return 0, err
+ }
+ op.SynFlood = synFloodJSON
+ }
+
+ err := this.Save(tx, op)
 return types.Int64(op.Id), err
 }
@@ -249,7 +264,7 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicyInbound(tx *dbs.Tx, polic
 }
 // UpdateFirewallPolicy 修改策略
-func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte, mode firewallconfigs.FirewallMode, useLocalFirewall bool) error {
+func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int64, isOn bool, name string, description string, inboundJSON []byte, outboundJSON []byte, blockOptionsJSON []byte, mode firewallconfigs.FirewallMode, useLocalFirewall bool, synFloodConfig *firewallconfigs.SYNFloodConfig) error {
 if policyId <= 0 {
 return errors.New("invalid policyId")
 }
@@ -272,6 +287,17 @@ func (this *HTTPFirewallPolicyDAO) UpdateFirewallPolicy(tx *dbs.Tx, policyId int
 if len(blockOptionsJSON) > 0 {
 op.BlockOptions = blockOptionsJSON
 }
+
+ if synFloodConfig != nil {
+ synFloodConfigJSON, err := json.Marshal(synFloodConfig)
+ if err != nil {
+ return err
+ }
+ op.SynFlood = synFloodConfigJSON
+ } else {
+ op.SynFlood = "null"
+ }
+
+ op.UseLocalFirewall = useLocalFirewall
 err := this.Save(tx, op)
 if err != nil {
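Review bot: The defaults written in CreateFirewallPolicy (`MinAttempts: 10`, `TimeoutSeconds: 600`, `IgnoreLocal: true` and `op.UseLocalFirewall = true`) are bare literals inside an anonymous block, so a reader cannot tell what the thresholds mean or where to change them. I would move them into named constants or a small helper with a comment such as `// default SYN flood protection applied to every newly created policy`, and state in the function's doc comment that new policies now start with local-firewall use and SYN flood protection switched on. This hunk only touches creation, so whether policies that already exist need a migration to receive the same defaults is worth confirming. The function starts outside the hunk.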
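Review bot: Passing a nil `synFloodConfig` to UpdateFirewallPolicy overwrites the stored setting with `"null"`, whereas the neighbouring `len(blockOptionsJSON) > 0` check leaves its column untouched when the argument is empty. A caller that does not supply the new parameter therefore replaces the saved SYN flood settings on every update. Dropping the `else` branch so that nil means "leave unchanged" would match the other optional fields; otherwise the doc comment should say `// a nil synFloodConfig resets the stored SYN flood settings`. The two branches also assign different types to `op.SynFlood` (a []byte and a string literal). The function body starts and ends outside the hunk.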
@@ -413,6 +439,16 @@ func (this *HTTPFirewallPolicyDAO) ComposeFirewallPolicy(tx *dbs.Tx, policyId in
 config.BlockOptions = blockAction
 }
+ // syn flood
+ if len(policy.SynFlood) > 0 {
+ var synFloodConfig = &firewallconfigs.SYNFloodConfig{}
+ err = json.Unmarshal([]byte(policy.SynFlood), synFloodConfig)
+ if err != nil {
+ return nil, err
+ }
+ config.SYNFlood = synFloodConfig
+ }
+
+ if cacheMap != nil {
 cacheMap.Put(cacheKey, config)
 }
diff --git a/internal/db/models/http_firewall_policy_model.go b/internal/db/models/http_firewall_policy_model.go
index 6a3b067e..dbb7b922 100644
--- a/internal/db/models/http_firewall_policy_model.go
+++ b/internal/db/models/http_firewall_policy_model.go
@@ -18,6 +18,7 @@ type HTTPFirewallPolicy struct {
 BlockOptions string `field:"blockOptions"` // BLOCK选项
 Mode string `field:"mode"` // 模式
 UseLocalFirewall uint8 `field:"useLocalFirewall"` // 是否自动使用本地防火墙
+ SynFlood string `field:"synFlood"` // SynFlood防御设置
 }
 type HTTPFirewallPolicyOperator struct {
@@ -37,6 +38,7 @@ type HTTPFirewallPolicyOperator struct {
 BlockOptions interface{} // BLOCK选项
 Mode interface{} // 模式
 UseLocalFirewall interface{} // 是否自动使用本地防火墙
+ SynFlood interface{} // SynFlood防御设置
 }
 func NewHTTPFirewallPolicyOperator() *HTTPFirewallPolicyOperator {
diff --git a/internal/rpc/services/service_http_firewall_policy.go b/internal/rpc/services/service_http_firewall_policy.go
index 0294147c..83c6cbfc 100644
--- a/internal/rpc/services/service_http_firewall_policy.go
+++ b/internal/rpc/services/service_http_firewall_policy.go
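Review bot: The `len(policy.SynFlood) > 0` guard in ComposeFirewallPolicy also admits the literal `null` that UpdateFirewallPolicy writes for a nil config. json.Unmarshal of `null` into the pre-allocated struct changes nothing, so `config.SYNFlood` becomes a non-nil zero-valued config, while a row with an empty column leaves it nil. Consumers then see two shapes for "not configured". Either skip the value explicitly with `if len(policy.SynFlood) > 0 && policy.SynFlood != "null" {`, or add a comment that readers must test `IsOn` rather than nil. The function starts and ends outside the hunk.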
@@ -285,7 +285,15 @@ func (this *HTTPFirewallPolicyService) UpdateHTTPFirewallPolicy(ctx context.Cont
 return nil, err
 }
- err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode, req.UseLocalFirewall)
+ var synFloodConfig = &firewallconfigs.SYNFloodConfig{}
+ if len(req.SynFloodJSON) > 0 {
+ err = json.Unmarshal(req.SynFloodJSON, synFloodConfig)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ err = models.SharedHTTPFirewallPolicyDAO.UpdateFirewallPolicy(tx, req.HttpFirewallPolicyId, req.IsOn, req.Name, req.Description, inboundConfigJSON, outboundConfigJSON, req.BlockOptionsJSON, req.Mode, req.UseLocalFirewall, synFloodConfig)
 if err != nil {
 return nil, err
 }
@@ -476,6 +484,7 @@ func (this *HTTPFirewallPolicyService) FindEnabledHTTPFirewallPolicy(ctx context
 InboundJSON: []byte(policy.Inbound),
 OutboundJSON: []byte(policy.Outbound),
 Mode: policy.Mode,
+ SynFloodJSON: []byte(policy.SynFlood),
 }}, nil
 }
diff --git a/internal/rpc/services/service_ip_item.go b/internal/rpc/services/service_ip_item.go
index c10f9784..3b9eb722 100644
--- a/internal/rpc/services/service_ip_item.go
+++ b/internal/rpc/services/service_ip_item.go
@@ -566,6 +566,22 @@ func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.Li
 }
 }
+ // 节点
+ var pbSourceNode *pb.Node
+ if item.SourceNodeId > 0 {
+ node, err := models.SharedNodeDAO.FindEnabledBasicNode(tx, int64(item.SourceNodeId))
+ if err != nil {
+ return nil, err
+ }
+ if node != nil {
+ pbSourceNode = &pb.Node{
+ Id: int64(node.Id),
+ Name: node.Name,
+ NodeCluster: &pb.NodeCluster{Id: int64(node.ClusterId)},
+ }
+ }
+ }
+
+ var pbItem = &pb.IPItem{
 Id: int64(item.Id),
 IpFrom: item.IpFrom,
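Review bot: `synFloodConfig` is allocated before the `len(req.SynFloodJSON) > 0` check in UpdateHTTPFirewallPolicy, so it is never nil, and a request without SynFloodJSON persists a zero-valued SYNFloodConfig (presumably protection off) over whatever was stored. A client that predates the field would then silently switch SYN flood protection off each time it edits a policy. Declare `var synFloodConfig *firewallconfigs.SYNFloodConfig` and allocate it only inside the branch, and settle with the DAO what an absent value should mean. The decoded `MinAttempts` and `TimeoutSeconds` also reach the database unchecked; rejecting zero or negative values when `IsOn` is set would be a cheap guard, though how the node treats such values is not visible in this diff. The function starts and ends outside the hunk.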
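Review bot: The block added before `var pbItem` in ListAllEnabledIPItems calls `models.SharedNodeDAO.FindEnabledBasicNode` once for every item that has a `SourceNodeId`, and a single failed lookup aborts the whole response. The surrounding loop is outside the hunk, but if this runs per listed item, a per-call cache such as `nodeCache := map[int64]*pb.Node{}` filled on first lookup would avoid repeating the query for items reported by the same node. The new `SourceNode` value also returns node names and cluster ids; the caller check is outside the hunk, so confirm that every role allowed to call this method is meant to see them.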
@@ -587,6 +603,7 @@ func (this *IPItemService) ListAllEnabledIPItems(ctx context.Context, req *pb.Li
 SourceHTTPFirewallPolicy: pbSourcePolicy,
 SourceHTTPFirewallRuleGroup: pbSourceGroup,
 SourceHTTPFirewallRuleSet: pbSourceSet,
+ SourceNode: pbSourceNode,
 IsRead: item.IsRead == 1,
 }