增加IP级别和WAF动作

2026-02-03 09:45:56 +08:00 · 2021-02-06 17:37:09 +08:00
parent ed302370e9
commit 245c4374b4
46 changed files with 1000 additions and 186 deletions
--- a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/createPopup.go
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/createPopup.go
@@ -0,0 +1,115 @@
+package firewallActions
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct {
+	ClusterId int64
+}) {
+	this.Data["clusterId"] = params.ClusterId
+	this.Data["actionTypes"] = firewallconfigs.FindAllFirewallActionTypes()
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	ClusterId  int64
+	Name       string
+	EventLevel string
+	Type       string
+
+	// ipset
+	IpsetWhiteName          string
+	IpsetBlackName          string
+	IpsetAutoAddToIPTables  bool
+	IpsetAutoAddToFirewalld bool
+
+	// script
+	ScriptPath string
+
+	// http api
+	HttpAPIURL string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("创建WAF动作")
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入动作名称").
+		Field("type", params.Type).
+		Require("请选择动作类型")
+
+	var actionParams interface{} = nil
+	switch params.Type {
+	case firewallconfigs.FirewallActionTypeIPSet:
+		params.Must.
+			Field("ipsetWhiteName", params.IpsetWhiteName).
+			Require("请输入IPSet白名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet白名单名称").
+			Field("ipsetBlackName", params.IpsetBlackName).
+			Require("请输入IPSet黑名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet黑名单名称")
+
+		actionParams = &firewallconfigs.FirewallActionIPSetConfig{
+			WhiteName:          params.IpsetWhiteName,
+			BlackName:          params.IpsetBlackName,
+			AutoAddToIPTables:  params.IpsetAutoAddToIPTables,
+			AutoAddToFirewalld: params.IpsetAutoAddToFirewalld,
+		}
+	case firewallconfigs.FirewallActionTypeIPTables:
+		actionParams = &firewallconfigs.FirewallActionIPTablesConfig{}
+	case firewallconfigs.FirewallActionTypeFirewalld:
+		actionParams = &firewallconfigs.FirewallActionFirewalldConfig{}
+	case firewallconfigs.FirewallActionTypeScript:
+		params.Must.
+			Field("scriptPath", params.ScriptPath).
+			Require("请输入脚本路径")
+		actionParams = &firewallconfigs.FirewallActionScriptConfig{
+			Path: params.ScriptPath,
+		}
+	case firewallconfigs.FirewallActionTypeHTTPAPI:
+		params.Must.
+			Field("httpAPIURL", params.HttpAPIURL).
+			Require("请输入API URL").
+			Match(`^(http|https):`, "API地址必须以http://或https://开头")
+		actionParams = &firewallconfigs.FirewallActionHTTPAPIConfig{
+			URL: params.HttpAPIURL,
+		}
+	default:
+		this.Fail("选择的类型'" + params.Type + "'暂时不支持")
+	}
+
+	actionParamsJSON, err := json.Marshal(actionParams)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().NodeClusterFirewallActionRPC().CreateNodeClusterFirewallAction(this.AdminContext(), &pb.CreateNodeClusterFirewallActionRequest{
+		NodeClusterId: params.ClusterId,
+		Name:          params.Name,
+		EventLevel:    params.EventLevel,
+		Type:          params.Type,
+		ParamsJSON:    actionParamsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/delete.go
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/delete.go
@@ -0,0 +1,24 @@
+package firewallActions
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	ActionId int64
+}) {
+	defer this.CreateLogInfo("删除WAF动作 %d", params.ActionId)
+
+	_, err := this.RPC().NodeClusterFirewallActionRPC().DeleteNodeClusterFirewallAction(this.AdminContext(), &pb.DeleteNodeClusterFirewallActionRequest{NodeClusterFirewallActionId: params.ActionId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/index.go
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/index.go
@@ -0,0 +1,65 @@
+package firewallActions
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "")
+	this.SecondMenu("firewallAction")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	ClusterId int64
+}) {
+	actionsResp, err := this.RPC().NodeClusterFirewallActionRPC().FindAllEnabledNodeClusterFirewallActions(this.AdminContext(), &pb.FindAllEnabledNodeClusterFirewallActionsRequest{NodeClusterId: params.ClusterId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	levelMaps := map[string][]maps.Map{} // level => actionMaps
+	for _, action := range actionsResp.NodeClusterFirewallActions {
+		actionMaps, ok := levelMaps[action.EventLevel]
+		if !ok {
+			actionMaps = []maps.Map{}
+		}
+
+		actionMaps = append(actionMaps, maps.Map{
+			"id":       action.Id,
+			"name":     action.Name,
+			"type":     action.Type,
+			"typeName": firewallconfigs.FindFirewallActionTypeName(action.Type),
+		})
+		levelMaps[action.EventLevel] = actionMaps
+	}
+
+	levelMaps2 := []maps.Map{} // []levelMap
+	hasActions := false
+	for _, level := range firewallconfigs.FindAllFirewallEventLevels() {
+		actionMaps, ok := levelMaps[level.Code]
+		if !ok {
+			actionMaps = []maps.Map{}
+		} else {
+			hasActions = true
+		}
+
+		levelMaps2 = append(levelMaps2, maps.Map{
+			"name":    level.Name,
+			"code":    level.Code,
+			"actions": actionMaps,
+		})
+	}
+
+	this.Data["levels"] = levelMaps2
+	this.Data["hasActions"] = hasActions
+
+	this.Show()
+}
--- a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/updatePopup.go
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/updatePopup.go
@@ -0,0 +1,144 @@
+package firewallActions
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdatePopupAction) RunGet(params struct {
+	ActionId int64
+}) {
+	actionResp, err := this.RPC().NodeClusterFirewallActionRPC().FindEnabledNodeClusterFirewallAction(this.AdminContext(), &pb.FindEnabledNodeClusterFirewallActionRequest{NodeClusterFirewallActionId: params.ActionId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	action := actionResp.NodeClusterFirewallAction
+	if action == nil {
+		this.NotFound("nodeClusterFirewallAction", params.ActionId)
+		return
+	}
+
+	actionParams := maps.Map{}
+	if len(action.ParamsJSON) > 0 {
+		err = json.Unmarshal(action.ParamsJSON, &actionParams)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["action"] = maps.Map{
+		"id":         action.Id,
+		"name":       action.Name,
+		"eventLevel": action.EventLevel,
+		"params":     actionParams,
+		"type":       action.Type,
+	}
+
+	// 通用参数
+	this.Data["actionTypes"] = firewallconfigs.FindAllFirewallActionTypes()
+
+	this.Show()
+}
+
+func (this *UpdatePopupAction) RunPost(params struct {
+	ActionId   int64
+	Name       string
+	EventLevel string
+	Type       string
+
+	// ipset
+	IpsetWhiteName          string
+	IpsetBlackName          string
+	IpsetAutoAddToIPTables  bool
+	IpsetAutoAddToFirewalld bool
+
+	// script
+	ScriptPath string
+
+	// http api
+	HttpAPIURL string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改WAF动作 %d", params.ActionId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入动作名称").
+		Field("type", params.Type).
+		Require("请选择动作类型")
+
+	var actionParams interface{} = nil
+	switch params.Type {
+	case firewallconfigs.FirewallActionTypeIPSet:
+		params.Must.
+			Field("ipsetWhiteName", params.IpsetWhiteName).
+			Require("请输入IPSet白名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet白名单名称").
+			Field("ipsetBlackName", params.IpsetBlackName).
+			Require("请输入IPSet黑名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet黑名单名称")
+
+		actionParams = &firewallconfigs.FirewallActionIPSetConfig{
+			WhiteName:          params.IpsetWhiteName,
+			BlackName:          params.IpsetBlackName,
+			AutoAddToIPTables:  params.IpsetAutoAddToIPTables,
+			AutoAddToFirewalld: params.IpsetAutoAddToFirewalld,
+		}
+	case firewallconfigs.FirewallActionTypeIPTables:
+		actionParams = &firewallconfigs.FirewallActionIPTablesConfig{}
+	case firewallconfigs.FirewallActionTypeFirewalld:
+		actionParams = &firewallconfigs.FirewallActionFirewalldConfig{}
+	case firewallconfigs.FirewallActionTypeScript:
+		params.Must.
+			Field("scriptPath", params.ScriptPath).
+			Require("请输入脚本路径")
+		actionParams = &firewallconfigs.FirewallActionScriptConfig{
+			Path: params.ScriptPath,
+		}
+	case firewallconfigs.FirewallActionTypeHTTPAPI:
+		params.Must.
+			Field("httpAPIURL", params.HttpAPIURL).
+			Require("请输入API URL").
+			Match(`^(http|https):`, "API地址必须以http://或https://开头")
+		actionParams = &firewallconfigs.FirewallActionHTTPAPIConfig{
+			URL: params.HttpAPIURL,
+		}
+	default:
+		this.Fail("选择的类型'" + params.Type + "'暂时不支持")
+	}
+
+	actionParamsJSON, err := json.Marshal(actionParams)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().NodeClusterFirewallActionRPC().UpdateNodeClusterFirewallAction(this.AdminContext(), &pb.UpdateNodeClusterFirewallActionRequest{
+		NodeClusterFirewallActionId: params.ActionId,
+		Name:                        params.Name,
+		EventLevel:                  params.EventLevel,
+		Type:                        params.Type,
+		ParamsJSON:                  actionParamsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}
--- a/internal/web/actions/default/clusters/cluster/settings/init.go
+++ b/internal/web/actions/default/clusters/cluster/settings/init.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/cache"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/dns"
+	firewallActions "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/firewall-actions"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/services"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/toa"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/waf"
@@ -43,6 +44,13 @@ func init() {
 			GetPost("", new(services.IndexAction)).
 			GetPost("/status", new(services.StatusAction)).

+			// 防火墙动作
+			Prefix("/clusters/cluster/settings/firewall-actions").
+			Get("", new(firewallActions.IndexAction)).
+			GetPost("/createPopup", new(firewallActions.CreatePopupAction)).
+			GetPost("/updatePopup", new(firewallActions.UpdatePopupAction)).
+			Post("/delete", new(firewallActions.DeleteAction)).
+
 			EndAll()
 	})
 }
--- a/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
+++ b/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
@@ -86,6 +86,11 @@ func (this *ClusterHelper) createSettingMenu(cluster *pb.NodeCluster, selectedIt
 		"isActive": selectedItem == "waf",
 		"isOn":     cluster.HttpFirewallPolicyId > 0,
 	})
+	items = append(items, maps.Map{
+		"name":     "WAF动作",
+		"url":      "/clusters/cluster/settings/firewall-actions?clusterId=" + clusterId,
+		"isActive": selectedItem == "firewallAction",
+	})
 	items = append(items, maps.Map{
 		"name":     "健康检查",
 		"url":      "/clusters/cluster/settings/health?clusterId=" + clusterId,
--- a/internal/web/actions/default/servers/components/waf/ipadmin/createIPPopup.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/createIPPopup.go
@@ -41,6 +41,7 @@ func (this *CreateIPPopupAction) RunPost(params struct {
 	ExpiredAt        int64
 	Reason           string
 	Type             string
+	EventLevel       string

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -83,12 +84,13 @@ func (this *CreateIPPopupAction) RunPost(params struct {
 	}

 	createResp, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
-		IpListId:  params.ListId,
-		IpFrom:    params.IpFrom,
-		IpTo:      params.IpTo,
-		ExpiredAt: params.ExpiredAt,
-		Reason:    params.Reason,
-		Type:      params.Type,
+		IpListId:   params.ListId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 )
@@ -58,12 +59,13 @@ func (this *ListsAction) RunGet(params struct {
 		}

 		itemMaps = append(itemMaps, maps.Map{
-			"id":          item.Id,
-			"ipFrom":      item.IpFrom,
-			"ipTo":        item.IpTo,
-			"expiredTime": expiredTime,
-			"reason":      item.Reason,
-			"type":        item.Type,
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
 		})
 	}
 	this.Data["items"] = itemMaps
--- a/internal/web/actions/default/servers/components/waf/ipadmin/test.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/test.go
@@ -3,6 +3,7 @@ package ipadmin
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
@@ -55,13 +56,14 @@ func (this *TestAction) RunPost(params struct {
 	}
 	if resp.IpItem != nil {
 		resultMap["item"] = maps.Map{
-			"id":          resp.IpItem.Id,
-			"ipFrom":      resp.IpItem.IpFrom,
-			"ipTo":        resp.IpItem.IpTo,
-			"reason":      resp.IpItem.Reason,
-			"expiredAt":   resp.IpItem.ExpiredAt,
-			"expiredTime": timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
-			"type":        resp.IpItem.Type,
+			"id":             resp.IpItem.Id,
+			"ipFrom":         resp.IpItem.IpFrom,
+			"ipTo":           resp.IpItem.IpTo,
+			"reason":         resp.IpItem.Reason,
+			"expiredAt":      resp.IpItem.ExpiredAt,
+			"expiredTime":    timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
+			"type":           resp.IpItem.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(resp.IpItem.EventLevel),
 		}
 	}

--- a/internal/web/actions/default/servers/components/waf/ipadmin/updateIPPopup.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/updateIPPopup.go
@@ -32,12 +32,13 @@ func (this *UpdateIPPopupAction) RunGet(params struct {
 	}

 	this.Data["item"] = maps.Map{
-		"id":        item.Id,
-		"ipFrom":    item.IpFrom,
-		"ipTo":      item.IpTo,
-		"expiredAt": item.ExpiredAt,
-		"reason":    item.Reason,
-		"type":      item.Type,
+		"id":         item.Id,
+		"ipFrom":     item.IpFrom,
+		"ipTo":       item.IpTo,
+		"expiredAt":  item.ExpiredAt,
+		"reason":     item.Reason,
+		"type":       item.Type,
+		"eventLevel": item.EventLevel,
 	}

 	this.Data["type"] = item.Type
@@ -49,11 +50,12 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
 	FirewallPolicyId int64
 	ItemId           int64

-	IpFrom    string
-	IpTo      string
-	ExpiredAt int64
-	Reason    string
-	Type      string
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -99,12 +101,13 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
 	}

 	_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
-		IpItemId:  params.ItemId,
-		IpFrom:    params.IpFrom,
-		IpTo:      params.IpTo,
-		ExpiredAt: params.ExpiredAt,
-		Reason:    params.Reason,
-		Type:      params.Type,
+		IpItemId:   params.ItemId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/allowList.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/allowList.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"time"
@@ -70,13 +71,14 @@ func (this *AllowListAction) RunGet(params struct {
 		}

 		itemMaps = append(itemMaps, maps.Map{
-			"id":          item.Id,
-			"ipFrom":      item.IpFrom,
-			"ipTo":        item.IpTo,
-			"expiredTime": expiredTime,
-			"reason":      item.Reason,
-			"type":        item.Type,
-			"isExpired":   item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"isExpired":      item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
 		})
 	}
 	this.Data["items"] = itemMaps
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/createIPPopup.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/createIPPopup.go
@@ -27,18 +27,17 @@ func (this *CreateIPPopupAction) RunGet(params struct {
 }

 func (this *CreateIPPopupAction) RunPost(params struct {
-	ListId    int64
-	IpFrom    string
-	IpTo      string
-	ExpiredAt int64
-	Reason    string
-	Type      string
+	ListId     int64
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string

 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
-	// TODO 校验ListId所属用户
-
 	switch params.Type {
 	case "ipv4":
 		params.Must.
@@ -75,12 +74,13 @@ func (this *CreateIPPopupAction) RunPost(params struct {
 	}

 	createResp, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
-		IpListId:  params.ListId,
-		IpFrom:    params.IpFrom,
-		IpTo:      params.IpTo,
-		ExpiredAt: params.ExpiredAt,
-		Reason:    params.Reason,
-		Type:      params.Type,
+		IpListId:   params.ListId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/denyList.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/denyList.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"time"
@@ -70,13 +71,14 @@ func (this *DenyListAction) RunGet(params struct {
 		}

 		itemMaps = append(itemMaps, maps.Map{
-			"id":          item.Id,
-			"ipFrom":      item.IpFrom,
-			"ipTo":        item.IpTo,
-			"expiredTime": expiredTime,
-			"reason":      item.Reason,
-			"type":        item.Type,
-			"isExpired":   item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"isExpired":      item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
 		})
 	}
 	this.Data["items"] = itemMaps
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/test.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/test.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
@@ -68,13 +69,14 @@ func (this *TestAction) RunPost(params struct {
 	}
 	if resp.IpItem != nil {
 		resultMap["item"] = maps.Map{
-			"id":          resp.IpItem.Id,
-			"ipFrom":      resp.IpItem.IpFrom,
-			"ipTo":        resp.IpItem.IpTo,
-			"reason":      resp.IpItem.Reason,
-			"expiredAt":   resp.IpItem.ExpiredAt,
-			"expiredTime": timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
-			"type":        resp.IpItem.Type,
+			"id":             resp.IpItem.Id,
+			"ipFrom":         resp.IpItem.IpFrom,
+			"ipTo":           resp.IpItem.IpTo,
+			"reason":         resp.IpItem.Reason,
+			"expiredAt":      resp.IpItem.ExpiredAt,
+			"expiredTime":    timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
+			"type":           resp.IpItem.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(resp.IpItem.EventLevel),
 		}
 	}

--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/updateIPPopup.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/updateIPPopup.go
@@ -32,12 +32,13 @@ func (this *UpdateIPPopupAction) RunGet(params struct {
 	}

 	this.Data["item"] = maps.Map{
-		"id":        item.Id,
-		"ipFrom":    item.IpFrom,
-		"ipTo":      item.IpTo,
-		"expiredAt": item.ExpiredAt,
-		"reason":    item.Reason,
-		"type":      item.Type,
+		"id":         item.Id,
+		"ipFrom":     item.IpFrom,
+		"ipTo":       item.IpTo,
+		"expiredAt":  item.ExpiredAt,
+		"reason":     item.Reason,
+		"type":       item.Type,
+		"eventLevel": item.EventLevel,
 	}

 	this.Data["type"] = item.Type
@@ -48,11 +49,12 @@ func (this *UpdateIPPopupAction) RunGet(params struct {
 func (this *UpdateIPPopupAction) RunPost(params struct {
 	ItemId int64

-	IpFrom    string
-	IpTo      string
-	ExpiredAt int64
-	Reason    string
-	Type      string
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string

 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -98,12 +100,13 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
 	}

 	_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
-		IpItemId:  params.ItemId,
-		IpFrom:    params.IpFrom,
-		IpTo:      params.IpTo,
-		ExpiredAt: params.ExpiredAt,
-		Reason:    params.Reason,
-		Type:      params.Type,
+		IpItemId:   params.ItemId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
 	})
 	if err != nil {
 		this.ErrorPage(err)
--- a/internal/web/actions/default/ui/eventLevelOptions.go
+++ b/internal/web/actions/default/ui/eventLevelOptions.go
@@ -0,0 +1,16 @@
+package ui
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type EventLevelOptionsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *EventLevelOptionsAction) RunPost(params struct{}) {
+	this.Data["eventLevels"] = firewallconfigs.FindAllFirewallEventLevels()
+
+	this.Success()
+}
--- a/internal/web/actions/default/ui/init.go
+++ b/internal/web/actions/default/ui/init.go
@@ -23,6 +23,7 @@ func init() {
 			Get("/download", new(DownloadAction)).
 			GetPost("/selectProvincesPopup", new(SelectProvincesPopupAction)).
 			GetPost("/selectCountriesPopup", new(SelectCountriesPopupAction)).
+			Post("/eventLevelOptions", new(EventLevelOptionsAction)).

 			EndAll()
 	})