From 79e15006c0e4ae92e17aeff9016c173c4554f677 Mon Sep 17 00:00:00 2001
From: GoEdgeLab <goedgecloud@gmail.com>
Date: Sat, 6 Feb 2021 17:37:09 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0IP=E7=BA=A7=E5=88=AB=E5=92=8C?=
 =?UTF-8?q?WAF=E5=8A=A8=E4=BD=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/rpc/rpc_client.go                    |   4 +
 .../settings/firewall-actions/createPopup.go  | 115 ++++++++++++++
 .../settings/firewall-actions/delete.go       |  24 +++
 .../settings/firewall-actions/index.go        |  65 ++++++++
 .../settings/firewall-actions/updatePopup.go  | 144 ++++++++++++++++++
 .../default/clusters/cluster/settings/init.go |   8 +
 .../clusters/clusterutils/cluster_helper.go   |   5 +
 .../components/waf/ipadmin/createIPPopup.go   |  14 +-
 .../servers/components/waf/ipadmin/lists.go   |  14 +-
 .../servers/components/waf/ipadmin/test.go    |  16 +-
 .../components/waf/ipadmin/updateIPPopup.go   |  37 ++---
 .../server/settings/waf/ipadmin/allowList.go  |  16 +-
 .../settings/waf/ipadmin/createIPPopup.go     |  28 ++--
 .../server/settings/waf/ipadmin/denyList.go   |  16 +-
 .../server/settings/waf/ipadmin/test.go       |  16 +-
 .../settings/waf/ipadmin/updateIPPopup.go     |  37 ++---
 .../actions/default/ui/eventLevelOptions.go   |  16 ++
 internal/web/actions/default/ui/init.go       |   1 +
 .../js/components/iplist/ip-item-text.js      |   1 +
 .../js/components/iplist/ip-list-table.js     |   5 +
 .../js/components/messages/message-row.js     |  48 +++---
 .../server/firewall-event-levels.js           |  45 ++++++
 web/views/@default/@layout.js                 |   8 +
 .../firewall-actions/createPopup.html         |  97 ++++++++++++
 .../settings/firewall-actions/createPopup.js  |  30 ++++
 .../settings/firewall-actions/index.html      |  36 +++++
 .../settings/firewall-actions/index.js        |  36 +++++
 .../firewall-actions/updatePopup.html         |  97 ++++++++++++
 .../settings/firewall-actions/updatePopup.js  |  35 +++++
 web/views/@default/messages/index.js          |  58 ++++---
 .../components/waf/ipadmin/createIPPopup.html |  12 +-
 .../components/waf/ipadmin/createIPPopup.js   |   1 +
 .../servers/components/waf/ipadmin/lists.js   |   4 +-
 .../servers/components/waf/ipadmin/test.html  |   4 +-
 .../servers/components/waf/ipadmin/test.js    |  14 +-
 .../components/waf/ipadmin/updateIPPopup.html |   7 +
 .../server/settings/waf/ipadmin/allowList.js  |   4 +-
 .../server/settings/waf/ipadmin/countries.js  |   2 +-
 .../settings/waf/ipadmin/createIPPopup.html   |   8 +-
 .../settings/waf/ipadmin/createIPPopup.js     |   1 +
 .../server/settings/waf/ipadmin/denyList.js   |   4 +-
 .../server/settings/waf/ipadmin/lists.js      |  36 -----
 .../server/settings/waf/ipadmin/provinces.js  |   2 +-
 .../server/settings/waf/ipadmin/test.html     |   4 +-
 .../server/settings/waf/ipadmin/test.js       |   2 +-
 .../settings/waf/ipadmin/updateIPPopup.html   |   9 +-
 46 files changed, 1000 insertions(+), 186 deletions(-)
 create mode 100644 internal/web/actions/default/clusters/cluster/settings/firewall-actions/createPopup.go
 create mode 100644 internal/web/actions/default/clusters/cluster/settings/firewall-actions/delete.go
 create mode 100644 internal/web/actions/default/clusters/cluster/settings/firewall-actions/index.go
 create mode 100644 internal/web/actions/default/clusters/cluster/settings/firewall-actions/updatePopup.go
 create mode 100644 internal/web/actions/default/ui/eventLevelOptions.go
 create mode 100644 web/public/js/components/server/firewall-event-levels.js
 create mode 100644 web/views/@default/clusters/cluster/settings/firewall-actions/createPopup.html
 create mode 100644 web/views/@default/clusters/cluster/settings/firewall-actions/createPopup.js
 create mode 100644 web/views/@default/clusters/cluster/settings/firewall-actions/index.html
 create mode 100644 web/views/@default/clusters/cluster/settings/firewall-actions/index.js
 create mode 100644 web/views/@default/clusters/cluster/settings/firewall-actions/updatePopup.html
 create mode 100644 web/views/@default/clusters/cluster/settings/firewall-actions/updatePopup.js
 delete mode 100644 web/views/@default/servers/server/settings/waf/ipadmin/lists.js

diff --git a/internal/rpc/rpc_client.go b/internal/rpc/rpc_client.go
index c7885ad0..b5ac8fb9 100644
--- a/internal/rpc/rpc_client.go
+++ b/internal/rpc/rpc_client.go
@@ -71,6 +71,10 @@ func (this *RPCClient) NodeClusterRPC() pb.NodeClusterServiceClient {
 	return pb.NewNodeClusterServiceClient(this.pickConn())
 }
 
+func (this *RPCClient) NodeClusterFirewallActionRPC() pb.NodeClusterFirewallActionServiceClient {
+	return pb.NewNodeClusterFirewallActionServiceClient(this.pickConn())
+}
+
 func (this *RPCClient) NodeGroupRPC() pb.NodeGroupServiceClient {
 	return pb.NewNodeGroupServiceClient(this.pickConn())
 }
diff --git a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/createPopup.go b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/createPopup.go
new file mode 100644
index 00000000..6d413443
--- /dev/null
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/createPopup.go
@@ -0,0 +1,115 @@
+package firewallActions
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+)
+
+type CreatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *CreatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *CreatePopupAction) RunGet(params struct {
+	ClusterId int64
+}) {
+	this.Data["clusterId"] = params.ClusterId
+	this.Data["actionTypes"] = firewallconfigs.FindAllFirewallActionTypes()
+
+	this.Show()
+}
+
+func (this *CreatePopupAction) RunPost(params struct {
+	ClusterId  int64
+	Name       string
+	EventLevel string
+	Type       string
+
+	// ipset
+	IpsetWhiteName          string
+	IpsetBlackName          string
+	IpsetAutoAddToIPTables  bool
+	IpsetAutoAddToFirewalld bool
+
+	// script
+	ScriptPath string
+
+	// http api
+	HttpAPIURL string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("创建WAF动作")
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入动作名称").
+		Field("type", params.Type).
+		Require("请选择动作类型")
+
+	var actionParams interface{} = nil
+	switch params.Type {
+	case firewallconfigs.FirewallActionTypeIPSet:
+		params.Must.
+			Field("ipsetWhiteName", params.IpsetWhiteName).
+			Require("请输入IPSet白名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet白名单名称").
+			Field("ipsetBlackName", params.IpsetBlackName).
+			Require("请输入IPSet黑名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet黑名单名称")
+
+		actionParams = &firewallconfigs.FirewallActionIPSetConfig{
+			WhiteName:          params.IpsetWhiteName,
+			BlackName:          params.IpsetBlackName,
+			AutoAddToIPTables:  params.IpsetAutoAddToIPTables,
+			AutoAddToFirewalld: params.IpsetAutoAddToFirewalld,
+		}
+	case firewallconfigs.FirewallActionTypeIPTables:
+		actionParams = &firewallconfigs.FirewallActionIPTablesConfig{}
+	case firewallconfigs.FirewallActionTypeFirewalld:
+		actionParams = &firewallconfigs.FirewallActionFirewalldConfig{}
+	case firewallconfigs.FirewallActionTypeScript:
+		params.Must.
+			Field("scriptPath", params.ScriptPath).
+			Require("请输入脚本路径")
+		actionParams = &firewallconfigs.FirewallActionScriptConfig{
+			Path: params.ScriptPath,
+		}
+	case firewallconfigs.FirewallActionTypeHTTPAPI:
+		params.Must.
+			Field("httpAPIURL", params.HttpAPIURL).
+			Require("请输入API URL").
+			Match(`^(http|https):`, "API地址必须以http://或https://开头")
+		actionParams = &firewallconfigs.FirewallActionHTTPAPIConfig{
+			URL: params.HttpAPIURL,
+		}
+	default:
+		this.Fail("选择的类型'" + params.Type + "'暂时不支持")
+	}
+
+	actionParamsJSON, err := json.Marshal(actionParams)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().NodeClusterFirewallActionRPC().CreateNodeClusterFirewallAction(this.AdminContext(), &pb.CreateNodeClusterFirewallActionRequest{
+		NodeClusterId: params.ClusterId,
+		Name:          params.Name,
+		EventLevel:    params.EventLevel,
+		Type:          params.Type,
+		ParamsJSON:    actionParamsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}
diff --git a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/delete.go b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/delete.go
new file mode 100644
index 00000000..f369c1cd
--- /dev/null
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/delete.go
@@ -0,0 +1,24 @@
+package firewallActions
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+)
+
+type DeleteAction struct {
+	actionutils.ParentAction
+}
+
+func (this *DeleteAction) RunPost(params struct {
+	ActionId int64
+}) {
+	defer this.CreateLogInfo("删除WAF动作 %d", params.ActionId)
+
+	_, err := this.RPC().NodeClusterFirewallActionRPC().DeleteNodeClusterFirewallAction(this.AdminContext(), &pb.DeleteNodeClusterFirewallActionRequest{NodeClusterFirewallActionId: params.ActionId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
diff --git a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/index.go b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/index.go
new file mode 100644
index 00000000..4497368d
--- /dev/null
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/index.go
@@ -0,0 +1,65 @@
+package firewallActions
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type IndexAction struct {
+	actionutils.ParentAction
+}
+
+func (this *IndexAction) Init() {
+	this.Nav("", "setting", "")
+	this.SecondMenu("firewallAction")
+}
+
+func (this *IndexAction) RunGet(params struct {
+	ClusterId int64
+}) {
+	actionsResp, err := this.RPC().NodeClusterFirewallActionRPC().FindAllEnabledNodeClusterFirewallActions(this.AdminContext(), &pb.FindAllEnabledNodeClusterFirewallActionsRequest{NodeClusterId: params.ClusterId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	levelMaps := map[string][]maps.Map{} // level => actionMaps
+	for _, action := range actionsResp.NodeClusterFirewallActions {
+		actionMaps, ok := levelMaps[action.EventLevel]
+		if !ok {
+			actionMaps = []maps.Map{}
+		}
+
+		actionMaps = append(actionMaps, maps.Map{
+			"id":       action.Id,
+			"name":     action.Name,
+			"type":     action.Type,
+			"typeName": firewallconfigs.FindFirewallActionTypeName(action.Type),
+		})
+		levelMaps[action.EventLevel] = actionMaps
+	}
+
+	levelMaps2 := []maps.Map{} // []levelMap
+	hasActions := false
+	for _, level := range firewallconfigs.FindAllFirewallEventLevels() {
+		actionMaps, ok := levelMaps[level.Code]
+		if !ok {
+			actionMaps = []maps.Map{}
+		} else {
+			hasActions = true
+		}
+
+		levelMaps2 = append(levelMaps2, maps.Map{
+			"name":    level.Name,
+			"code":    level.Code,
+			"actions": actionMaps,
+		})
+	}
+
+	this.Data["levels"] = levelMaps2
+	this.Data["hasActions"] = hasActions
+
+	this.Show()
+}
diff --git a/internal/web/actions/default/clusters/cluster/settings/firewall-actions/updatePopup.go b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/updatePopup.go
new file mode 100644
index 00000000..186b46c1
--- /dev/null
+++ b/internal/web/actions/default/clusters/cluster/settings/firewall-actions/updatePopup.go
@@ -0,0 +1,144 @@
+package firewallActions
+
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/maps"
+)
+
+type UpdatePopupAction struct {
+	actionutils.ParentAction
+}
+
+func (this *UpdatePopupAction) Init() {
+	this.Nav("", "", "")
+}
+
+func (this *UpdatePopupAction) RunGet(params struct {
+	ActionId int64
+}) {
+	actionResp, err := this.RPC().NodeClusterFirewallActionRPC().FindEnabledNodeClusterFirewallAction(this.AdminContext(), &pb.FindEnabledNodeClusterFirewallActionRequest{NodeClusterFirewallActionId: params.ActionId})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	action := actionResp.NodeClusterFirewallAction
+	if action == nil {
+		this.NotFound("nodeClusterFirewallAction", params.ActionId)
+		return
+	}
+
+	actionParams := maps.Map{}
+	if len(action.ParamsJSON) > 0 {
+		err = json.Unmarshal(action.ParamsJSON, &actionParams)
+		if err != nil {
+			this.ErrorPage(err)
+			return
+		}
+	}
+
+	this.Data["action"] = maps.Map{
+		"id":         action.Id,
+		"name":       action.Name,
+		"eventLevel": action.EventLevel,
+		"params":     actionParams,
+		"type":       action.Type,
+	}
+
+	// 通用参数
+	this.Data["actionTypes"] = firewallconfigs.FindAllFirewallActionTypes()
+
+	this.Show()
+}
+
+func (this *UpdatePopupAction) RunPost(params struct {
+	ActionId   int64
+	Name       string
+	EventLevel string
+	Type       string
+
+	// ipset
+	IpsetWhiteName          string
+	IpsetBlackName          string
+	IpsetAutoAddToIPTables  bool
+	IpsetAutoAddToFirewalld bool
+
+	// script
+	ScriptPath string
+
+	// http api
+	HttpAPIURL string
+
+	Must *actions.Must
+	CSRF *actionutils.CSRF
+}) {
+	defer this.CreateLogInfo("修改WAF动作 %d", params.ActionId)
+
+	params.Must.
+		Field("name", params.Name).
+		Require("请输入动作名称").
+		Field("type", params.Type).
+		Require("请选择动作类型")
+
+	var actionParams interface{} = nil
+	switch params.Type {
+	case firewallconfigs.FirewallActionTypeIPSet:
+		params.Must.
+			Field("ipsetWhiteName", params.IpsetWhiteName).
+			Require("请输入IPSet白名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet白名单名称").
+			Field("ipsetBlackName", params.IpsetBlackName).
+			Require("请输入IPSet黑名单名称").
+			Match(`^\w+$`, "请输入正确的IPSet黑名单名称")
+
+		actionParams = &firewallconfigs.FirewallActionIPSetConfig{
+			WhiteName:          params.IpsetWhiteName,
+			BlackName:          params.IpsetBlackName,
+			AutoAddToIPTables:  params.IpsetAutoAddToIPTables,
+			AutoAddToFirewalld: params.IpsetAutoAddToFirewalld,
+		}
+	case firewallconfigs.FirewallActionTypeIPTables:
+		actionParams = &firewallconfigs.FirewallActionIPTablesConfig{}
+	case firewallconfigs.FirewallActionTypeFirewalld:
+		actionParams = &firewallconfigs.FirewallActionFirewalldConfig{}
+	case firewallconfigs.FirewallActionTypeScript:
+		params.Must.
+			Field("scriptPath", params.ScriptPath).
+			Require("请输入脚本路径")
+		actionParams = &firewallconfigs.FirewallActionScriptConfig{
+			Path: params.ScriptPath,
+		}
+	case firewallconfigs.FirewallActionTypeHTTPAPI:
+		params.Must.
+			Field("httpAPIURL", params.HttpAPIURL).
+			Require("请输入API URL").
+			Match(`^(http|https):`, "API地址必须以http://或https://开头")
+		actionParams = &firewallconfigs.FirewallActionHTTPAPIConfig{
+			URL: params.HttpAPIURL,
+		}
+	default:
+		this.Fail("选择的类型'" + params.Type + "'暂时不支持")
+	}
+
+	actionParamsJSON, err := json.Marshal(actionParams)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().NodeClusterFirewallActionRPC().UpdateNodeClusterFirewallAction(this.AdminContext(), &pb.UpdateNodeClusterFirewallActionRequest{
+		NodeClusterFirewallActionId: params.ActionId,
+		Name:                        params.Name,
+		EventLevel:                  params.EventLevel,
+		Type:                        params.Type,
+		ParamsJSON:                  actionParamsJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	this.Success()
+}
diff --git a/internal/web/actions/default/clusters/cluster/settings/init.go b/internal/web/actions/default/clusters/cluster/settings/init.go
index 24fd85b8..b89adea0 100644
--- a/internal/web/actions/default/clusters/cluster/settings/init.go
+++ b/internal/web/actions/default/clusters/cluster/settings/init.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/configloaders"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/cache"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/dns"
+	firewallActions "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/firewall-actions"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/services"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/toa"
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/default/clusters/cluster/settings/waf"
@@ -43,6 +44,13 @@ func init() {
 			GetPost("", new(services.IndexAction)).
 			GetPost("/status", new(services.StatusAction)).
 
+			// 防火墙动作
+			Prefix("/clusters/cluster/settings/firewall-actions").
+			Get("", new(firewallActions.IndexAction)).
+			GetPost("/createPopup", new(firewallActions.CreatePopupAction)).
+			GetPost("/updatePopup", new(firewallActions.UpdatePopupAction)).
+			Post("/delete", new(firewallActions.DeleteAction)).
+
 			EndAll()
 	})
 }
diff --git a/internal/web/actions/default/clusters/clusterutils/cluster_helper.go b/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
index 82810a14..88ad5c2f 100644
--- a/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
+++ b/internal/web/actions/default/clusters/clusterutils/cluster_helper.go
@@ -86,6 +86,11 @@ func (this *ClusterHelper) createSettingMenu(cluster *pb.NodeCluster, selectedIt
 		"isActive": selectedItem == "waf",
 		"isOn":     cluster.HttpFirewallPolicyId > 0,
 	})
+	items = append(items, maps.Map{
+		"name":     "WAF动作",
+		"url":      "/clusters/cluster/settings/firewall-actions?clusterId=" + clusterId,
+		"isActive": selectedItem == "firewallAction",
+	})
 	items = append(items, maps.Map{
 		"name":     "健康检查",
 		"url":      "/clusters/cluster/settings/health?clusterId=" + clusterId,
diff --git a/internal/web/actions/default/servers/components/waf/ipadmin/createIPPopup.go b/internal/web/actions/default/servers/components/waf/ipadmin/createIPPopup.go
index cd7b69de..82f7078d 100644
--- a/internal/web/actions/default/servers/components/waf/ipadmin/createIPPopup.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/createIPPopup.go
@@ -41,6 +41,7 @@ func (this *CreateIPPopupAction) RunPost(params struct {
 	ExpiredAt        int64
 	Reason           string
 	Type             string
+	EventLevel       string
 
 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -83,12 +84,13 @@ func (this *CreateIPPopupAction) RunPost(params struct {
 	}
 
 	createResp, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
-		IpListId:  params.ListId,
-		IpFrom:    params.IpFrom,
-		IpTo:      params.IpTo,
-		ExpiredAt: params.ExpiredAt,
-		Reason:    params.Reason,
-		Type:      params.Type,
+		IpListId:   params.ListId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
 	})
 	if err != nil {
 		this.ErrorPage(err)
diff --git a/internal/web/actions/default/servers/components/waf/ipadmin/lists.go b/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
index 65121840..ac01eee1 100644
--- a/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/lists.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 )
@@ -58,12 +59,13 @@ func (this *ListsAction) RunGet(params struct {
 		}
 
 		itemMaps = append(itemMaps, maps.Map{
-			"id":          item.Id,
-			"ipFrom":      item.IpFrom,
-			"ipTo":        item.IpTo,
-			"expiredTime": expiredTime,
-			"reason":      item.Reason,
-			"type":        item.Type,
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
 		})
 	}
 	this.Data["items"] = itemMaps
diff --git a/internal/web/actions/default/servers/components/waf/ipadmin/test.go b/internal/web/actions/default/servers/components/waf/ipadmin/test.go
index 61b4cef5..f2e8e570 100644
--- a/internal/web/actions/default/servers/components/waf/ipadmin/test.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/test.go
@@ -3,6 +3,7 @@ package ipadmin
 import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
@@ -55,13 +56,14 @@ func (this *TestAction) RunPost(params struct {
 	}
 	if resp.IpItem != nil {
 		resultMap["item"] = maps.Map{
-			"id":          resp.IpItem.Id,
-			"ipFrom":      resp.IpItem.IpFrom,
-			"ipTo":        resp.IpItem.IpTo,
-			"reason":      resp.IpItem.Reason,
-			"expiredAt":   resp.IpItem.ExpiredAt,
-			"expiredTime": timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
-			"type":        resp.IpItem.Type,
+			"id":             resp.IpItem.Id,
+			"ipFrom":         resp.IpItem.IpFrom,
+			"ipTo":           resp.IpItem.IpTo,
+			"reason":         resp.IpItem.Reason,
+			"expiredAt":      resp.IpItem.ExpiredAt,
+			"expiredTime":    timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
+			"type":           resp.IpItem.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(resp.IpItem.EventLevel),
 		}
 	}
 
diff --git a/internal/web/actions/default/servers/components/waf/ipadmin/updateIPPopup.go b/internal/web/actions/default/servers/components/waf/ipadmin/updateIPPopup.go
index 243eaf6c..a9baa197 100644
--- a/internal/web/actions/default/servers/components/waf/ipadmin/updateIPPopup.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/updateIPPopup.go
@@ -32,12 +32,13 @@ func (this *UpdateIPPopupAction) RunGet(params struct {
 	}
 
 	this.Data["item"] = maps.Map{
-		"id":        item.Id,
-		"ipFrom":    item.IpFrom,
-		"ipTo":      item.IpTo,
-		"expiredAt": item.ExpiredAt,
-		"reason":    item.Reason,
-		"type":      item.Type,
+		"id":         item.Id,
+		"ipFrom":     item.IpFrom,
+		"ipTo":       item.IpTo,
+		"expiredAt":  item.ExpiredAt,
+		"reason":     item.Reason,
+		"type":       item.Type,
+		"eventLevel": item.EventLevel,
 	}
 
 	this.Data["type"] = item.Type
@@ -49,11 +50,12 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
 	FirewallPolicyId int64
 	ItemId           int64
 
-	IpFrom    string
-	IpTo      string
-	ExpiredAt int64
-	Reason    string
-	Type      string
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string
 
 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -99,12 +101,13 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
 	}
 
 	_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
-		IpItemId:  params.ItemId,
-		IpFrom:    params.IpFrom,
-		IpTo:      params.IpTo,
-		ExpiredAt: params.ExpiredAt,
-		Reason:    params.Reason,
-		Type:      params.Type,
+		IpItemId:   params.ItemId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
 	})
 	if err != nil {
 		this.ErrorPage(err)
diff --git a/internal/web/actions/default/servers/server/settings/waf/ipadmin/allowList.go b/internal/web/actions/default/servers/server/settings/waf/ipadmin/allowList.go
index 215b24b3..0b831888 100644
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/allowList.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/allowList.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"time"
@@ -70,13 +71,14 @@ func (this *AllowListAction) RunGet(params struct {
 		}
 
 		itemMaps = append(itemMaps, maps.Map{
-			"id":          item.Id,
-			"ipFrom":      item.IpFrom,
-			"ipTo":        item.IpTo,
-			"expiredTime": expiredTime,
-			"reason":      item.Reason,
-			"type":        item.Type,
-			"isExpired":   item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"isExpired":      item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
 		})
 	}
 	this.Data["items"] = itemMaps
diff --git a/internal/web/actions/default/servers/server/settings/waf/ipadmin/createIPPopup.go b/internal/web/actions/default/servers/server/settings/waf/ipadmin/createIPPopup.go
index 9b8f1206..7fa25762 100644
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/createIPPopup.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/createIPPopup.go
@@ -27,18 +27,17 @@ func (this *CreateIPPopupAction) RunGet(params struct {
 }
 
 func (this *CreateIPPopupAction) RunPost(params struct {
-	ListId    int64
-	IpFrom    string
-	IpTo      string
-	ExpiredAt int64
-	Reason    string
-	Type      string
+	ListId     int64
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string
 
 	Must *actions.Must
 	CSRF *actionutils.CSRF
 }) {
-	// TODO 校验ListId所属用户
-
 	switch params.Type {
 	case "ipv4":
 		params.Must.
@@ -75,12 +74,13 @@ func (this *CreateIPPopupAction) RunPost(params struct {
 	}
 
 	createResp, err := this.RPC().IPItemRPC().CreateIPItem(this.AdminContext(), &pb.CreateIPItemRequest{
-		IpListId:  params.ListId,
-		IpFrom:    params.IpFrom,
-		IpTo:      params.IpTo,
-		ExpiredAt: params.ExpiredAt,
-		Reason:    params.Reason,
-		Type:      params.Type,
+		IpListId:   params.ListId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
 	})
 	if err != nil {
 		this.ErrorPage(err)
diff --git a/internal/web/actions/default/servers/server/settings/waf/ipadmin/denyList.go b/internal/web/actions/default/servers/server/settings/waf/ipadmin/denyList.go
index f4701f63..5813acfc 100644
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/denyList.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/denyList.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
 	"time"
@@ -70,13 +71,14 @@ func (this *DenyListAction) RunGet(params struct {
 		}
 
 		itemMaps = append(itemMaps, maps.Map{
-			"id":          item.Id,
-			"ipFrom":      item.IpFrom,
-			"ipTo":        item.IpTo,
-			"expiredTime": expiredTime,
-			"reason":      item.Reason,
-			"type":        item.Type,
-			"isExpired":   item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"id":             item.Id,
+			"ipFrom":         item.IpFrom,
+			"ipTo":           item.IpTo,
+			"expiredTime":    expiredTime,
+			"reason":         item.Reason,
+			"type":           item.Type,
+			"isExpired":      item.ExpiredAt > 0 && item.ExpiredAt < time.Now().Unix(),
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(item.EventLevel),
 		})
 	}
 	this.Data["items"] = itemMaps
diff --git a/internal/web/actions/default/servers/server/settings/waf/ipadmin/test.go b/internal/web/actions/default/servers/server/settings/waf/ipadmin/test.go
index 1e7f4b15..29cac308 100644
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/test.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/test.go
@@ -4,6 +4,7 @@ import (
 	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/dao"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
 	"github.com/iwind/TeaGo/actions"
 	"github.com/iwind/TeaGo/maps"
 	timeutil "github.com/iwind/TeaGo/utils/time"
@@ -68,13 +69,14 @@ func (this *TestAction) RunPost(params struct {
 	}
 	if resp.IpItem != nil {
 		resultMap["item"] = maps.Map{
-			"id":          resp.IpItem.Id,
-			"ipFrom":      resp.IpItem.IpFrom,
-			"ipTo":        resp.IpItem.IpTo,
-			"reason":      resp.IpItem.Reason,
-			"expiredAt":   resp.IpItem.ExpiredAt,
-			"expiredTime": timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
-			"type":        resp.IpItem.Type,
+			"id":             resp.IpItem.Id,
+			"ipFrom":         resp.IpItem.IpFrom,
+			"ipTo":           resp.IpItem.IpTo,
+			"reason":         resp.IpItem.Reason,
+			"expiredAt":      resp.IpItem.ExpiredAt,
+			"expiredTime":    timeutil.FormatTime("Y-m-d H:i:s", resp.IpItem.ExpiredAt),
+			"type":           resp.IpItem.Type,
+			"eventLevelName": firewallconfigs.FindFirewallEventLevelName(resp.IpItem.EventLevel),
 		}
 	}
 
diff --git a/internal/web/actions/default/servers/server/settings/waf/ipadmin/updateIPPopup.go b/internal/web/actions/default/servers/server/settings/waf/ipadmin/updateIPPopup.go
index 7b85cd6e..b703d13e 100644
--- a/internal/web/actions/default/servers/server/settings/waf/ipadmin/updateIPPopup.go
+++ b/internal/web/actions/default/servers/server/settings/waf/ipadmin/updateIPPopup.go
@@ -32,12 +32,13 @@ func (this *UpdateIPPopupAction) RunGet(params struct {
 	}
 
 	this.Data["item"] = maps.Map{
-		"id":        item.Id,
-		"ipFrom":    item.IpFrom,
-		"ipTo":      item.IpTo,
-		"expiredAt": item.ExpiredAt,
-		"reason":    item.Reason,
-		"type":      item.Type,
+		"id":         item.Id,
+		"ipFrom":     item.IpFrom,
+		"ipTo":       item.IpTo,
+		"expiredAt":  item.ExpiredAt,
+		"reason":     item.Reason,
+		"type":       item.Type,
+		"eventLevel": item.EventLevel,
 	}
 
 	this.Data["type"] = item.Type
@@ -48,11 +49,12 @@ func (this *UpdateIPPopupAction) RunGet(params struct {
 func (this *UpdateIPPopupAction) RunPost(params struct {
 	ItemId int64
 
-	IpFrom    string
-	IpTo      string
-	ExpiredAt int64
-	Reason    string
-	Type      string
+	IpFrom     string
+	IpTo       string
+	ExpiredAt  int64
+	Reason     string
+	Type       string
+	EventLevel string
 
 	Must *actions.Must
 	CSRF *actionutils.CSRF
@@ -98,12 +100,13 @@ func (this *UpdateIPPopupAction) RunPost(params struct {
 	}
 
 	_, err := this.RPC().IPItemRPC().UpdateIPItem(this.AdminContext(), &pb.UpdateIPItemRequest{
-		IpItemId:  params.ItemId,
-		IpFrom:    params.IpFrom,
-		IpTo:      params.IpTo,
-		ExpiredAt: params.ExpiredAt,
-		Reason:    params.Reason,
-		Type:      params.Type,
+		IpItemId:   params.ItemId,
+		IpFrom:     params.IpFrom,
+		IpTo:       params.IpTo,
+		ExpiredAt:  params.ExpiredAt,
+		Reason:     params.Reason,
+		Type:       params.Type,
+		EventLevel: params.EventLevel,
 	})
 	if err != nil {
 		this.ErrorPage(err)
diff --git a/internal/web/actions/default/ui/eventLevelOptions.go b/internal/web/actions/default/ui/eventLevelOptions.go
new file mode 100644
index 00000000..c5da6c6f
--- /dev/null
+++ b/internal/web/actions/default/ui/eventLevelOptions.go
@@ -0,0 +1,16 @@
+package ui
+
+import (
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+)
+
+type EventLevelOptionsAction struct {
+	actionutils.ParentAction
+}
+
+func (this *EventLevelOptionsAction) RunPost(params struct{}) {
+	this.Data["eventLevels"] = firewallconfigs.FindAllFirewallEventLevels()
+
+	this.Success()
+}
diff --git a/internal/web/actions/default/ui/init.go b/internal/web/actions/default/ui/init.go
index 654db405..c38cad97 100644
--- a/internal/web/actions/default/ui/init.go
+++ b/internal/web/actions/default/ui/init.go
@@ -23,6 +23,7 @@ func init() {
 			Get("/download", new(DownloadAction)).
 			GetPost("/selectProvincesPopup", new(SelectProvincesPopupAction)).
 			GetPost("/selectCountriesPopup", new(SelectCountriesPopupAction)).
+			Post("/eventLevelOptions", new(EventLevelOptionsAction)).
 
 			EndAll()
 	})
diff --git a/web/public/js/components/iplist/ip-item-text.js b/web/public/js/components/iplist/ip-item-text.js
index 759066a4..801116ba 100644
--- a/web/public/js/components/iplist/ip-item-text.js
+++ b/web/public/js/components/iplist/ip-item-text.js
@@ -7,5 +7,6 @@ Vue.component("ip-item-text", {
         <span v-if="vItem.ipTo.length > 0">- {{vItem.ipTo}}</span>
     </span>
     <span v-if="vItem.type == 'ipv6'">{{vItem.ipFrom}}</span>
+    <span v-if="vItem.eventLevelName != null && vItem.eventLevelName.length > 0">&nbsp; 级别：{{vItem.eventLevelName}}</span>
 </span>`
 })
\ No newline at end of file
diff --git a/web/public/js/components/iplist/ip-list-table.js b/web/public/js/components/iplist/ip-list-table.js
index 9de6e538..e8b86bb5 100644
--- a/web/public/js/components/iplist/ip-list-table.js
+++ b/web/public/js/components/iplist/ip-list-table.js
@@ -19,6 +19,7 @@ Vue.component("ip-list-table", {
             <tr>
                 <th style="width:18em">IP</th>
                 <th>类型</th>
+                <th>级别</th>
                 <th>过期时间</th>
                 <th>备注</th>
                 <th class="two op">操作</th>
@@ -35,6 +36,10 @@ Vue.component("ip-list-table", {
                 <span v-else-if="item.type == 'ipv6'">IPv6</span>
                 <span v-else-if="item.type == 'all'"><strong>所有IP</strong></span>
             </td>
+            <td>
+                <span v-if="item.eventLevelName != null && item.eventLevelName.length > 0">{{item.eventLevelName}}</span>
+                <span v-else class="disabled">-</span>
+            </td>
             <td>
                 <div v-if="item.expiredTime.length > 0">
                     {{item.expiredTime}}
diff --git a/web/public/js/components/messages/message-row.js b/web/public/js/components/messages/message-row.js
index 16670b62..1d3ccc38 100644
--- a/web/public/js/components/messages/message-row.js
+++ b/web/public/js/components/messages/message-row.js
@@ -1,34 +1,40 @@
 Vue.component("message-row", {
-	props: ["v-message"],
-	data: function () {
-		let paramsJSON = this.vMessage.params
-		let params = null
-		if (paramsJSON != null && paramsJSON.length > 0) {
-			params = JSON.parse(paramsJSON)
-		}
+    props: ["v-message"],
+    data: function () {
+        let paramsJSON = this.vMessage.params
+        let params = null
+        if (paramsJSON != null && paramsJSON.length > 0) {
+            params = JSON.parse(paramsJSON)
+        }
 
-		return {
-			message: this.vMessage,
-			params: params
-		}
-	},
-	methods: {
-		viewCert: function (certId) {
-			teaweb.popup("/servers/certs/certPopup?certId=" + certId, {
-				height: "28em",
-				width: "48em"
-			})
-		},
+        return {
+            message: this.vMessage,
+            params: params
+        }
+    },
+    methods: {
+        viewCert: function (certId) {
+            teaweb.popup("/servers/certs/certPopup?certId=" + certId, {
+                height: "28em",
+                width: "48em"
+            })
+        },
         readMessage: function (messageId) {
             Tea.action("/messages/readPage")
                 .params({"messageIds": [messageId]})
                 .post()
                 .success(function () {
+                    // 刷新父级页面Badge
+                    if (window.parent.Tea != null && window.parent.Tea.Vue != null) {
+                        window.parent.Tea.Vue.checkMessagesOnce()
+                    }
+
+                    // 刷新当前页面
                     teaweb.reload()
                 })
         }
-	},
-	template: `<div>
+    },
+    template: `<div>
 <table class="ui table selectable">
 	<tr :class="{error: message.level == 'error', positive: message.level == 'success', warning: message.level == 'warning'}">
 		<td style="position: relative">
diff --git a/web/public/js/components/server/firewall-event-levels.js b/web/public/js/components/server/firewall-event-levels.js
new file mode 100644
index 00000000..11df7118
--- /dev/null
+++ b/web/public/js/components/server/firewall-event-levels.js
@@ -0,0 +1,45 @@
+Vue.component("firewall-event-level-options", {
+    props: ["v-value"],
+    mounted: function () {
+        let that = this
+        Tea.action("/ui/eventLevelOptions")
+            .post()
+            .success(function (resp) {
+                that.levels = resp.data.eventLevels
+                that.change()
+            })
+    },
+    data: function () {
+        let value = this.vValue
+        if (value == null || value.length == 0) {
+            value = "" // 不要给默认值，因为黑白名单等默认值均有不同
+        }
+
+        return {
+            levels: [],
+            description: "",
+            level: value
+        }
+    },
+    methods: {
+        change: function () {
+            this.$emit("change")
+
+            let that = this
+            let l = this.levels.$find(function (k, v) {
+                return v.code == that.level
+            })
+            if (l != null) {
+                this.description = l.description
+            } else {
+                this.description = ""
+            }
+        }
+    },
+    template: `<div>
+    <select class="ui dropdown auto-width" name="eventLevel" v-model="level" @change="change">
+        <option v-for="level in levels" :value="level.code">{{level.name}}</option>
+    </select>
+    <p class="comment">{{description}}</p>
+</div>`
+})
\ No newline at end of file
diff --git a/web/views/@default/@layout.js b/web/views/@default/@layout.js
index 21042543..360ee78b 100644
--- a/web/views/@default/@layout.js
+++ b/web/views/@default/@layout.js
@@ -59,6 +59,14 @@ Tea.context(function () {
             })
     }
 
+    this.checkMessagesOnce = function () {
+        this.$post("/messages/badge")
+            .params({})
+            .success(function (resp) {
+                this.globalMessageBadge = resp.data.count
+            })
+    }
+
     this.showMessages = function () {
         teaweb.popup("/messages", {
             height: "24em",
diff --git a/web/views/@default/clusters/cluster/settings/firewall-actions/createPopup.html b/web/views/@default/clusters/cluster/settings/firewall-actions/createPopup.html
new file mode 100644
index 00000000..cbcbd732
--- /dev/null
+++ b/web/views/@default/clusters/cluster/settings/firewall-actions/createPopup.html
@@ -0,0 +1,97 @@
+{$layout "layout_popup"}
+
+<h3>添加动作</h3>
+<form class="ui form" data-tea-action="$" data-tea-success="success">
+    <input type="hidden" name="clusterId" :value="clusterId"/>
+    <csrf-token></csrf-token>
+
+    <table class="ui table selectable definition">
+        <tr>
+            <td class="title">名称 *</td>
+            <td>
+                <input type="text" name="name" maxlength="50" ref="focus"/>
+            </td>
+        </tr>
+        <tr>
+            <td>级别</td>
+            <td>
+                <firewall-event-level-options :v-value="'critical'"></firewall-event-level-options>
+            </td>
+        </tr>
+        <tr>
+            <td>类型</td>
+            <td>
+                <select class="ui dropdown auto-width" name="type" v-model="type">
+                    <option value="">[请选择]</option>
+                    <option v-for="type in actionTypes" :value="type.code">{{type.name}}</option>
+                </select>
+                <p class="comment">{{typeDescription}}</p>
+            </td>
+        </tr>
+
+        <!-- IPSet -->
+        <tbody v-if="type == 'ipset'">
+            <tr>
+                <td>IPSet白名单名称 *</td>
+                <td>
+                    <input type="text" name="ipsetWhiteName" value="edge_white_list" maxlength="64"/>
+                    <p class="comment">只能是英文、数字、下划线的组合。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>IPSet黑名单名称 *</td>
+                <td>
+                    <input type="text" name="ipsetBlackName" value="edge_black_list" maxlength="64"/>
+                    <p class="comment">只能是英文、数字、下划线的组合。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>创建IPTables规则</td>
+                <td>
+                    <checkbox name="ipsetAutoAddToIPTables" :value="true"></checkbox>
+                    <p class="comment">是否尝试自动创建包含有此IPSet的IPTables规则。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>创建Firewalld规则</td>
+                <td>
+                    <checkbox name="ipsetAutoAddToFirewalld" :value="true"></checkbox>
+                    <p class="comment">是否尝试自动创建包含有此IPSet的Firewalld规则。</p>
+                </td>
+            </tr>
+        </tbody>
+
+        <!-- Firewalld -->
+        <tbody v-if="type == 'firewalld'">
+
+        </tbody>
+
+        <!-- IPTables -->
+        <tbody v-if="type == 'iptables'">
+
+        </tbody>
+
+        <!-- 脚本 -->
+        <tbody v-if="type == 'script'">
+            <tr>
+                <td>脚本路径 *</td>
+                <td>
+                    <input type="text" name="scriptPath" maxlength="200"/>
+                    <p class="comment">可执行脚本文件的完整路径。</p>
+                </td>
+            </tr>
+        </tbody>
+
+        <!-- HTTP API -->
+        <tbody v-if="type == 'httpAPI'">
+            <tr>
+                <td>API URL *</td>
+                <td>
+                    <input type="text" name="httpAPIURL" maxlength="200" placeholder="http|https://..."/>
+                    <p class="comment">完整的API地址。</p>
+                </td>
+            </tr>
+        </tbody>
+    </table>
+    <submit-btn></submit-btn>
+</form>
\ No newline at end of file
diff --git a/web/views/@default/clusters/cluster/settings/firewall-actions/createPopup.js b/web/views/@default/clusters/cluster/settings/firewall-actions/createPopup.js
new file mode 100644
index 00000000..66d58bc0
--- /dev/null
+++ b/web/views/@default/clusters/cluster/settings/firewall-actions/createPopup.js
@@ -0,0 +1,30 @@
+Tea.context(function () {
+    this.$delay(function () {
+        let that = this
+
+        // 类型
+        this.$watch("type", function () {
+            that.changeType()
+        })
+
+        this.changeType()
+    })
+
+    /**
+     * 类型
+     */
+    this.type = ""
+    this.typeDescription = ""
+
+    this.changeType = function () {
+        let that = this
+        let t = this.actionTypes.$find(function (k, v) {
+            return v.code == that.type
+        })
+        if (t != null) {
+            this.typeDescription = t.description
+        } else {
+            this.typeDescription = ""
+        }
+    }
+})
\ No newline at end of file
diff --git a/web/views/@default/clusters/cluster/settings/firewall-actions/index.html b/web/views/@default/clusters/cluster/settings/firewall-actions/index.html
new file mode 100644
index 00000000..3f94ff24
--- /dev/null
+++ b/web/views/@default/clusters/cluster/settings/firewall-actions/index.html
@@ -0,0 +1,36 @@
+{$layout}
+{$template "/left_menu"}
+
+<div class="right-box">
+    <first-menu>
+        <menu-item @click.prevent="createAction">添加动作</menu-item>
+        <span class="item disabled">|</span>
+        <span class="item"><tip-icon content="可以设置WAF中的规则集和IP名单中的IP级别，从而在匹配时触发对应的动作。"></tip-icon></span>
+    </first-menu>
+
+    <div class="margin"></div>
+    <div v-if="!hasActions">
+        <p class="comment">暂时还没有自定义动作。</p>
+    </div>
+    <div v-for="level in levels" v-if="level.actions.length > 0">
+        <h4 style="margin-bottom: 0">{{level.name}}级别</h4>
+        <p class="comment" v-if="level.actions.length == 0">暂时还没有定义动作。</p>
+        <table class="ui table selectable" v-if="level.actions.length > 0">
+            <thead>
+                <tr>
+                    <th>名称</th>
+                    <th class="four wide">类型</th>
+                    <th class="two op">操作</th>
+                </tr>
+            </thead>
+            <tr v-for="action in level.actions">
+                <td>{{action.name}}</td>
+                <td>{{action.typeName}}</td>
+                <td>
+                    <a href="" @click.prevent="updateAction(action.id)">修改</a> &nbsp; <a href="" @click.prevent="deleteAction(action.id)">删除</a>
+                </td>
+            </tr>
+        </table>
+        <div class="ui divider"></div>
+    </div>
+</div>
diff --git a/web/views/@default/clusters/cluster/settings/firewall-actions/index.js b/web/views/@default/clusters/cluster/settings/firewall-actions/index.js
new file mode 100644
index 00000000..3a329e93
--- /dev/null
+++ b/web/views/@default/clusters/cluster/settings/firewall-actions/index.js
@@ -0,0 +1,36 @@
+Tea.context(function () {
+    this.createAction = function () {
+        teaweb.popup(Tea.url(".createPopup", {clusterId: this.clusterId}), {
+            callback: function () {
+                teaweb.success("保存成功", function () {
+                    teaweb.reload()
+                })
+            }
+        })
+    }
+
+    this.updateAction = function (actionId) {
+        teaweb.popup(Tea.url(".updatePopup", {actionId: actionId}), {
+            callback: function () {
+                teaweb.success("保存成功", function () {
+                    teaweb.reload()
+                })
+            }
+        })
+    }
+
+    this.deleteAction = function (actionId) {
+        let that = this
+        teaweb.confirm("确定要删除此动作吗？", function () {
+            that.$post(".delete")
+                .params({
+                    actionId: actionId
+                })
+                .success(function () {
+                   teaweb.success("删除成功", function () {
+                       teaweb.reload()
+                   })
+                })
+        })
+    }
+})
\ No newline at end of file
diff --git a/web/views/@default/clusters/cluster/settings/firewall-actions/updatePopup.html b/web/views/@default/clusters/cluster/settings/firewall-actions/updatePopup.html
new file mode 100644
index 00000000..9a866749
--- /dev/null
+++ b/web/views/@default/clusters/cluster/settings/firewall-actions/updatePopup.html
@@ -0,0 +1,97 @@
+{$layout "layout_popup"}
+
+<h3>修改动作</h3>
+<form class="ui form" data-tea-action="$" data-tea-success="success">
+    <input type="hidden" name="actionId" :value="action.id"/>
+    <csrf-token></csrf-token>
+
+    <table class="ui table selectable definition">
+        <tr>
+            <td class="title">名称 *</td>
+            <td>
+                <input type="text" name="name" maxlength="50" ref="focus" v-model="action.name"/>
+            </td>
+        </tr>
+        <tr>
+            <td>级别</td>
+            <td>
+                <firewall-event-level-options :v-value="eventLevel"></firewall-event-level-options>
+            </td>
+        </tr>
+        <tr>
+            <td>类型</td>
+            <td>
+                <select class="ui dropdown auto-width" name="type" v-model="type">
+                    <option value="">[请选择]</option>
+                    <option v-for="type in actionTypes" :value="type.code">{{type.name}}</option>
+                </select>
+                <p class="comment">{{typeDescription}}</p>
+            </td>
+        </tr>
+
+        <!-- IPSet -->
+        <tbody v-if="type == 'ipset'">
+            <tr>
+                <td>IPSet白名单名称 *</td>
+                <td>
+                    <input type="text" name="ipsetWhiteName" value="edge_white_list" maxlength="64" v-model="action.params.whiteName"/>
+                    <p class="comment">只能是英文、数字、下划线的组合。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>IPSet黑名单名称 *</td>
+                <td>
+                    <input type="text" name="ipsetBlackName" value="edge_black_list" maxlength="64" v-model="action.params.blackName"/>
+                    <p class="comment">只能是英文、数字、下划线的组合。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>创建IPTables规则</td>
+                <td>
+                    <checkbox name="ipsetAutoAddToIPTables" v-model="action.params.autoAddToIPTables"></checkbox>
+                    <p class="comment">是否尝试自动创建包含有此IPSet的IPTables规则。</p>
+                </td>
+            </tr>
+            <tr>
+                <td>创建Firewalld规则</td>
+                <td>
+                    <checkbox name="ipsetAutoAddToFirewalld" v-model="action.params.autoAddToFirewalld"></checkbox>
+                    <p class="comment">是否尝试自动创建包含有此IPSet的Firewalld规则。</p>
+                </td>
+            </tr>
+        </tbody>
+
+        <!-- Firewalld -->
+        <tbody v-if="type == 'firewalld'">
+
+        </tbody>
+
+        <!-- IPTables -->
+        <tbody v-if="type == 'iptables'">
+
+        </tbody>
+
+        <!-- 脚本 -->
+        <tbody v-if="type == 'script'">
+            <tr>
+                <td>脚本路径 *</td>
+                <td>
+                    <input type="text" name="scriptPath" maxlength="200" v-model="action.params.path"/>
+                    <p class="comment">可执行脚本文件的完整路径。</p>
+                </td>
+            </tr>
+        </tbody>
+
+        <!-- HTTP API -->
+        <tbody v-if="type == 'httpAPI'">
+            <tr>
+                <td>API URL *</td>
+                <td>
+                    <input type="text" name="httpAPIURL" maxlength="200" placeholder="http|https://..." v-model="action.params.url"/>
+                    <p class="comment">完整的API地址。</p>
+                </td>
+            </tr>
+        </tbody>
+    </table>
+    <submit-btn></submit-btn>
+</form>
\ No newline at end of file
diff --git a/web/views/@default/clusters/cluster/settings/firewall-actions/updatePopup.js b/web/views/@default/clusters/cluster/settings/firewall-actions/updatePopup.js
new file mode 100644
index 00000000..f181e98e
--- /dev/null
+++ b/web/views/@default/clusters/cluster/settings/firewall-actions/updatePopup.js
@@ -0,0 +1,35 @@
+Tea.context(function () {
+    this.$delay(function () {
+        let that = this
+
+        // 类型
+        this.$watch("type", function () {
+            that.changeType()
+        })
+
+        this.changeType()
+    })
+
+    /**
+     * 级别
+     */
+    this.eventLevel = this.action.eventLevel
+
+    /**
+     * 类型
+     */
+    this.type = this.action.type
+    this.typeDescription = ""
+
+    this.changeType = function () {
+        let that = this
+        let t = this.actionTypes.$find(function (k, v) {
+            return v.code == that.type
+        })
+        if (t != null) {
+            this.typeDescription = t.description
+        } else {
+            this.typeDescription = ""
+        }
+    }
+})
\ No newline at end of file
diff --git a/web/views/@default/messages/index.js b/web/views/@default/messages/index.js
index 7899f358..3d1f4421 100644
--- a/web/views/@default/messages/index.js
+++ b/web/views/@default/messages/index.js
@@ -1,26 +1,38 @@
 Tea.context(function () {
-	this.updateAllRead = function () {
-		let that = this
-		teaweb.confirm("确定要设置所有的未读消息为已读吗？", function () {
-			that.$post("/messages/readAll")
-				.success(function () {
-					window.location = "/messages"
-				})
-		})
-	}
+    this.updateAllRead = function () {
+        let that = this
+        teaweb.confirm("确定要设置所有的未读消息为已读吗？", function () {
+            that.$post("/messages/readAll")
+                .success(function () {
+                    // 刷新父级页面Badge
+                    if (window.parent.Tea != null && window.parent.Tea.Vue != null) {
+                        window.parent.Tea.Vue.checkMessagesOnce()
+                    }
 
-	this.updatePageRead = function () {
-		let that = this
-		teaweb.confirm("确定要设置当前页的未读消息为已读吗？", function () {
-			let messageIds = []
-			that.messages.forEach(function (v) {
-				messageIds.push(v.id)
-			})
-			that.$post("/messages/readPage")
-				.params({
-					messageIds: messageIds
-				})
-				.refresh()
-		})
-	}
+                    window.location = "/messages"
+                })
+        })
+    }
+
+    this.updatePageRead = function () {
+        let that = this
+        teaweb.confirm("确定要设置当前页的未读消息为已读吗？", function () {
+            let messageIds = []
+            that.messages.forEach(function (v) {
+                messageIds.push(v.id)
+            })
+            that.$post("/messages/readPage")
+                .params({
+                    messageIds: messageIds
+                })
+                .success(function () {
+                    // 刷新父级页面Badge
+                    if (window.parent.Tea != null && window.parent.Tea.Vue != null) {
+                        window.parent.Tea.Vue.checkMessagesOnce()
+                    }
+
+                    teaweb.reload()
+                })
+        })
+    }
 })
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/ipadmin/createIPPopup.html b/web/views/@default/servers/components/waf/ipadmin/createIPPopup.html
index cc058a3a..1665f3f5 100644
--- a/web/views/@default/servers/components/waf/ipadmin/createIPPopup.html
+++ b/web/views/@default/servers/components/waf/ipadmin/createIPPopup.html
@@ -1,7 +1,7 @@
 {$layout "layout_popup"}
 
-<h3 v-if="type == 'white'">添加IP到白名单</h3>
-<h3 v-if="type == 'black'">添加IP到黑名单</h3>
+<h3 v-if="listType == 'white'">添加IP到白名单</h3>
+<h3 v-if="listType == 'black'">添加IP到黑名单</h3>
 
 <form method="post" class="ui form" data-tea-action="$" data-tea-success="success">
 	<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
@@ -49,6 +49,14 @@
                 </td>
             </tr>
         </tbody>
+
+        <tr>
+            <td>级别</td>
+            <td>
+                <firewall-event-level-options :v-value="eventLevel"></firewall-event-level-options>
+            </td>
+        </tr>
+
 		<tr>
 			<td colspan="2"><more-options-indicator></more-options-indicator></td>
 		</tr>
diff --git a/web/views/@default/servers/components/waf/ipadmin/createIPPopup.js b/web/views/@default/servers/components/waf/ipadmin/createIPPopup.js
index 82ad185a..cf56518b 100644
--- a/web/views/@default/servers/components/waf/ipadmin/createIPPopup.js
+++ b/web/views/@default/servers/components/waf/ipadmin/createIPPopup.js
@@ -1,3 +1,4 @@
 Tea.context(function () {
     this.type = "ipv4"
+    this.eventLevel = (this.listType == "white") ? "debug" : "critical"
 })
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/ipadmin/lists.js b/web/views/@default/servers/components/waf/ipadmin/lists.js
index 5d566046..2919324b 100644
--- a/web/views/@default/servers/components/waf/ipadmin/lists.js
+++ b/web/views/@default/servers/components/waf/ipadmin/lists.js
@@ -1,7 +1,7 @@
 Tea.context(function () {
 	this.updateItem = function (itemId) {
 		teaweb.popup(Tea.url(".updateIPPopup?firewallPolicyId=" + this.firewallPolicyId, {itemId: itemId}), {
-			height: "23em",
+			height: "26em",
 			callback: function () {
 				teaweb.success("保存成功", function () {
 					teaweb.reload()
@@ -27,7 +27,7 @@ Tea.context(function () {
 	 */
 	this.createIP = function (type) {
 		teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
-			height: "23em",
+			height: "26em",
 			callback: function () {
 				window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
 			}
diff --git a/web/views/@default/servers/components/waf/ipadmin/test.html b/web/views/@default/servers/components/waf/ipadmin/test.html
index 355870e8..4072449e 100644
--- a/web/views/@default/servers/components/waf/ipadmin/test.html
+++ b/web/views/@default/servers/components/waf/ipadmin/test.html
@@ -24,10 +24,10 @@
                         <div v-if="result.isFound">
                             <div v-if="result.item != null">
                                 <div v-if="result.isAllowed">
-                                    <span class="green">在白名单中 <ip-item-text :v-item="result.item"></ip-item-text><a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
+                                    <span class="green">在白名单中 <ip-item-text :v-item="result.item"></ip-item-text>&nbsp;<a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
                                 </div>
                                 <div v-else>
-                                    <span class="red">在黑名单中 <ip-item-text :v-item="result.item"></ip-item-text><a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
+                                    <span class="red">在黑名单中 <ip-item-text :v-item="result.item"></ip-item-text>&nbsp;<a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
                                 </div>
                             </div>
                             <div v-if="result.province != null">
diff --git a/web/views/@default/servers/components/waf/ipadmin/test.js b/web/views/@default/servers/components/waf/ipadmin/test.js
index 67de57b9..4d083e9b 100644
--- a/web/views/@default/servers/components/waf/ipadmin/test.js
+++ b/web/views/@default/servers/components/waf/ipadmin/test.js
@@ -24,7 +24,7 @@ Tea.context(function () {
 
     this.updateItem = function (itemId) {
         teaweb.popup(Tea.url(".updateIPPopup?firewallPolicyId=" + this.firewallPolicyId, {itemId: itemId}), {
-            height: "23em",
+            height: "26em",
             callback: function () {
                 teaweb.success("保存成功", function () {
                     teaweb.reload()
@@ -32,4 +32,16 @@ Tea.context(function () {
             }
         })
     }
+
+    /**
+     * 添加IP名单菜单
+     */
+    this.createIP = function (type) {
+        teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
+            height: "26em",
+            callback: function () {
+                window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
+            }
+        })
+    }
 })
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/ipadmin/updateIPPopup.html b/web/views/@default/servers/components/waf/ipadmin/updateIPPopup.html
index 5c6365c1..dcec182c 100644
--- a/web/views/@default/servers/components/waf/ipadmin/updateIPPopup.html
+++ b/web/views/@default/servers/components/waf/ipadmin/updateIPPopup.html
@@ -39,6 +39,13 @@
         </tr>
         </tbody>
 
+        <tr>
+            <td>级别</td>
+            <td>
+                <firewall-event-level-options :v-value="item.eventLevel"></firewall-event-level-options>
+            </td>
+        </tr>
+
         <!-- IPv6 -->
         <tbody v-if="type == 'ipv6'">
         <tr>
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/allowList.js b/web/views/@default/servers/server/settings/waf/ipadmin/allowList.js
index b62759c4..69eb2cd6 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/allowList.js
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/allowList.js
@@ -1,7 +1,7 @@
 Tea.context(function () {
 	this.updateItem = function (itemId) {
 		teaweb.popup(Tea.url(".updateIPPopup?listId=" + this.listId, {itemId: itemId}), {
-			height: "24em",
+			height: "26em",
 			callback: function () {
 				teaweb.success("保存成功", function () {
 					teaweb.reload()
@@ -27,7 +27,7 @@ Tea.context(function () {
 	 */
 	this.createIP = function (type) {
 		teaweb.popup("/servers/server/settings/waf/ipadmin/createIPPopup?listId=" + this.listId + '&type=' + type, {
-			height: "24em",
+			height: "26em",
 			callback: function () {
 				window.location.reload()
 			}
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/countries.js b/web/views/@default/servers/server/settings/waf/ipadmin/countries.js
index 450fcf99..930a7a44 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/countries.js
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/countries.js
@@ -57,7 +57,7 @@ Tea.context(function () {
 	 */
 	this.createIP = function (type) {
 		teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
-			height: "23em",
+			height: "30em",
 			callback: function () {
 				window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
 			}
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.html b/web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.html
index dec646b4..7f36901b 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.html
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.html
@@ -49,6 +49,13 @@
             </tr>
         </tbody>
 
+        <tr>
+            <td>级别</td>
+            <td>
+                <firewall-event-level-options :v-value="eventLevel"></firewall-event-level-options>
+            </td>
+        </tr>
+
 		<tr>
 			<td colspan="2"><more-options-indicator></more-options-indicator></td>
 		</tr>
@@ -66,6 +73,5 @@
 			</tr>
 		</tbody>
 	</table>
-    <p class="comment">添加后将会在5分钟内生效。</p>
 	<submit-btn></submit-btn>
 </form>
\ No newline at end of file
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.js b/web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.js
index 82ad185a..cf56518b 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.js
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/createIPPopup.js
@@ -1,3 +1,4 @@
 Tea.context(function () {
     this.type = "ipv4"
+    this.eventLevel = (this.listType == "white") ? "debug" : "critical"
 })
\ No newline at end of file
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/denyList.js b/web/views/@default/servers/server/settings/waf/ipadmin/denyList.js
index b62759c4..69eb2cd6 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/denyList.js
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/denyList.js
@@ -1,7 +1,7 @@
 Tea.context(function () {
 	this.updateItem = function (itemId) {
 		teaweb.popup(Tea.url(".updateIPPopup?listId=" + this.listId, {itemId: itemId}), {
-			height: "24em",
+			height: "26em",
 			callback: function () {
 				teaweb.success("保存成功", function () {
 					teaweb.reload()
@@ -27,7 +27,7 @@ Tea.context(function () {
 	 */
 	this.createIP = function (type) {
 		teaweb.popup("/servers/server/settings/waf/ipadmin/createIPPopup?listId=" + this.listId + '&type=' + type, {
-			height: "24em",
+			height: "26em",
 			callback: function () {
 				window.location.reload()
 			}
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/lists.js b/web/views/@default/servers/server/settings/waf/ipadmin/lists.js
deleted file mode 100644
index 5d566046..00000000
--- a/web/views/@default/servers/server/settings/waf/ipadmin/lists.js
+++ /dev/null
@@ -1,36 +0,0 @@
-Tea.context(function () {
-	this.updateItem = function (itemId) {
-		teaweb.popup(Tea.url(".updateIPPopup?firewallPolicyId=" + this.firewallPolicyId, {itemId: itemId}), {
-			height: "23em",
-			callback: function () {
-				teaweb.success("保存成功", function () {
-					teaweb.reload()
-				})
-			}
-		})
-	}
-
-	this.deleteItem = function (itemId) {
-		let that = this
-		teaweb.confirm("确定要删除这个IP吗？", function () {
-			that.$post(".deleteIP")
-				.params({
-					"firewallPolicyId": this.firewallPolicyId,
-					"itemId": itemId
-				})
-				.refresh()
-		})
-	}
-
-	/**
-	 * 添加IP名单菜单
-	 */
-	this.createIP = function (type) {
-		teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
-			height: "23em",
-			callback: function () {
-				window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
-			}
-		})
-	}
-})
\ No newline at end of file
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/provinces.js b/web/views/@default/servers/server/settings/waf/ipadmin/provinces.js
index 31eff506..ea0ae250 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/provinces.js
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/provinces.js
@@ -43,7 +43,7 @@ Tea.context(function () {
 	 */
 	this.createIP = function (type) {
 		teaweb.popup("/servers/components/waf/ipadmin/createIPPopup?firewallPolicyId=" + this.firewallPolicyId + '&type=' + type, {
-			height: "23em",
+			height: "30em",
 			callback: function () {
 				window.location = "/servers/components/waf/ipadmin/lists?firewallPolicyId=" + this.firewallPolicyId + "&type=" + type
 			}
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/test.html b/web/views/@default/servers/server/settings/waf/ipadmin/test.html
index b0e426aa..9d4bb201 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/test.html
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/test.html
@@ -29,10 +29,10 @@
                         <div v-if="result.isFound">
                             <div v-if="result.item != null">
                                 <div v-if="result.isAllowed">
-                                    <span class="green">在白名单中 <ip-item-text :v-item="result.item"></ip-item-text><a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
+                                    <span class="green">在白名单中 <ip-item-text :v-item="result.item"></ip-item-text>&nbsp;<a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
                                 </div>
                                 <div v-else>
-                                    <span class="red">在黑名单中 <ip-item-text :v-item="result.item"></ip-item-text><a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
+                                    <span class="red">在黑名单中 <ip-item-text :v-item="result.item"></ip-item-text>&nbsp;<a href="" @click.prevent="updateItem(result.list.id, result.item.id)" title="查看和修改"><i class="icon pencil small"></i></a></span>
                                 </div>
                             </div>
                             <div v-if="result.province != null">
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/test.js b/web/views/@default/servers/server/settings/waf/ipadmin/test.js
index a5ebe857..822ad934 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/test.js
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/test.js
@@ -24,7 +24,7 @@ Tea.context(function () {
 
     this.updateItem = function (listId, itemId) {
         teaweb.popup(Tea.url(".updateIPPopup?listId=" + listId, {itemId: itemId}), {
-            height: "24em",
+            height: "26em",
             callback: function () {
                 teaweb.success("保存成功", function () {
 
diff --git a/web/views/@default/servers/server/settings/waf/ipadmin/updateIPPopup.html b/web/views/@default/servers/server/settings/waf/ipadmin/updateIPPopup.html
index 740d9ef0..8ab5ebc8 100644
--- a/web/views/@default/servers/server/settings/waf/ipadmin/updateIPPopup.html
+++ b/web/views/@default/servers/server/settings/waf/ipadmin/updateIPPopup.html
@@ -49,7 +49,14 @@
             </tr>
         </tbody>
 
-		<tr>
+        <tr>
+            <td>级别</td>
+            <td>
+                <firewall-event-level-options :v-value="item.eventLevel"></firewall-event-level-options>
+            </td>
+        </tr>
+
+        <tr>
 			<td colspan="2"><more-options-indicator></more-options-indicator></td>
 		</tr>
 		<tbody v-show="moreOptionsVisible">