diff --git a/internal/web/actions/default/servers/components/waf/ipadmin/provinces.go b/internal/web/actions/default/servers/components/waf/ipadmin/provinces.go
index 008398db..e4691cd8 100644
--- a/internal/web/actions/default/servers/components/waf/ipadmin/provinces.go
+++ b/internal/web/actions/default/servers/components/waf/ipadmin/provinces.go
@@ -1,6 +1,17 @@
 package ipadmin
 
-import "github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+import (
+	"encoding/json"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/actions/actionutils"
+	"github.com/TeaOSLab/EdgeAdmin/internal/web/models"
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs"
+	"github.com/iwind/TeaGo/actions"
+	"github.com/iwind/TeaGo/lists"
+	"github.com/iwind/TeaGo/maps"
+)
+
+const ChinaCountryId = 1
 
 type ProvincesAction struct {
 	actionutils.ParentAction
@@ -10,7 +21,86 @@ func (this *ProvincesAction) Init() {
 	this.Nav("", "", "ipadmin")
 }
 
-func (this *ProvincesAction) RunGet(params struct{}) {
+func (this *ProvincesAction) RunGet(params struct {
+	FirewallPolicyId int64
+}) {
 	this.Data["subMenuItem"] = "province"
+
+	// 当前选中的省份
+	policyConfig, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+	selectedProvinceIds := []int64{}
+	if policyConfig.Inbound != nil && policyConfig.Inbound.Region != nil {
+		selectedProvinceIds = policyConfig.Inbound.Region.DenyProvinceIds
+	}
+
+	provincesResp, err := this.RPC().RegionProvinceRPC().FindAllEnabledRegionProvincesWithCountryId(this.AdminContext(), &pb.FindAllEnabledRegionProvincesWithCountryIdRequest{
+		CountryId: int64(ChinaCountryId),
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	provinceMaps := []maps.Map{}
+	for _, province := range provincesResp.Provinces {
+		provinceMaps = append(provinceMaps, maps.Map{
+			"id":        province.Id,
+			"name":      province.Name,
+			"isChecked": lists.ContainsInt64(selectedProvinceIds, province.Id),
+		})
+	}
+	this.Data["provinces"] = provinceMaps
+
 	this.Show()
 }
+
+func (this *ProvincesAction) RunPost(params struct {
+	FirewallPolicyId int64
+	ProvinceIds      []int64
+
+	Must *actions.Must
+}) {
+	policyConfig, err := models.SharedHTTPFirewallPolicyDAO.FindEnabledPolicyConfig(this.AdminContext(), params.FirewallPolicyId)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+	if policyConfig == nil {
+		this.NotFound("firewallPolicy", params.FirewallPolicyId)
+		return
+	}
+
+	if policyConfig.Inbound == nil {
+		policyConfig.Inbound = &firewallconfigs.HTTPFirewallInboundConfig{IsOn: true}
+	}
+	if policyConfig.Inbound.Region == nil {
+		policyConfig.Inbound.Region = &firewallconfigs.HTTPFirewallRegionConfig{
+			IsOn: true,
+		}
+	}
+	policyConfig.Inbound.Region.DenyProvinceIds = params.ProvinceIds
+
+	inboundJSON, err := json.Marshal(policyConfig.Inbound)
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	_, err = this.RPC().HTTPFirewallPolicyRPC().UpdateHTTPFirewallInboundConfig(this.AdminContext(), &pb.UpdateHTTPFirewallInboundConfigRequest{
+		FirewallPolicyId: params.FirewallPolicyId,
+		InboundJSON:      inboundJSON,
+	})
+	if err != nil {
+		this.ErrorPage(err)
+		return
+	}
+
+	this.Success()
+}
diff --git a/web/views/@default/servers/components/waf/ipadmin/index.html b/web/views/@default/servers/components/waf/ipadmin/index.html
index d02b0617..7bc290a8 100644
--- a/web/views/@default/servers/components/waf/ipadmin/index.html
+++ b/web/views/@default/servers/components/waf/ipadmin/index.html
@@ -20,7 +20,9 @@
 			<tr>
 				<td>选择封禁区域</td>
 				<td>
-					<div class="ui menu tabular tiny region-letter-group">
+					<more-options-indicator>选择区域</more-options-indicator>
+
+					<div class="ui menu tabular tiny region-letter-group" v-show="moreOptionsVisible">
 						<a href="" v-for="group in letterGroups" class="item" :class="{active: group == selectedGroup}" @click.prevent="selectGroup(group)">{{group}}</a>
 						<div class="item right">
 							<div class="ui checkbox" @click.prevent="checkAll">
@@ -29,7 +31,7 @@
 							</div>
 						</div>
 					</div>
-					<div v-for="group in letterGroups">
+					<div v-for="group in letterGroups"  v-show="moreOptionsVisible">
 						<div v-for="letter in group" v-if="letterCountries[letter] != null && group == selectedGroup" class="country-group">
 							<h4>{{letter}}</h4>
 							<div class="country-list">
diff --git a/web/views/@default/servers/components/waf/ipadmin/index.js b/web/views/@default/servers/components/waf/ipadmin/index.js
index b8d6eb6b..f6d66d8b 100644
--- a/web/views/@default/servers/components/waf/ipadmin/index.js
+++ b/web/views/@default/servers/components/waf/ipadmin/index.js
@@ -3,7 +3,6 @@ Tea.context(function () {
 		"ABC", "DEF", "GHI", "JKL", "MNO", "PQR", "STU", "VWX", "YZ"
 	];
 	this.selectedGroup = "ABC"
-	this.selectedCountries = []
 	this.letterCountries = {}
 	let that = this
 	this.countries.forEach(function (country) {
diff --git a/web/views/@default/servers/components/waf/ipadmin/provinces.css b/web/views/@default/servers/components/waf/ipadmin/provinces.css
new file mode 100644
index 00000000..99e6ff0c
--- /dev/null
+++ b/web/views/@default/servers/components/waf/ipadmin/provinces.css
@@ -0,0 +1,9 @@
+.province-list .item {
+  float: left;
+  width: 12em;
+  margin-bottom: 0.5em;
+}
+.province-list .item .checkbox label {
+  font-size: 12px !important;
+}
+/*# sourceMappingURL=provinces.css.map */
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/ipadmin/provinces.css.map b/web/views/@default/servers/components/waf/ipadmin/provinces.css.map
new file mode 100644
index 00000000..777cb7a0
--- /dev/null
+++ b/web/views/@default/servers/components/waf/ipadmin/provinces.css.map
@@ -0,0 +1 @@
+{"version":3,"sources":["provinces.less"],"names":[],"mappings":"AAAA,cACC;EACC,WAAA;EACA,WAAA;EACA,oBAAA;;AAJF,cACC,MAKC,UAAU;EACT,0BAAA","file":"provinces.css"}
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/ipadmin/provinces.html b/web/views/@default/servers/components/waf/ipadmin/provinces.html
index f1a2d3df..1062e09a 100644
--- a/web/views/@default/servers/components/waf/ipadmin/provinces.html
+++ b/web/views/@default/servers/components/waf/ipadmin/provinces.html
@@ -4,4 +4,36 @@
 <div class="right-box">
 	{$template "../waf_menu"}
 	{$template "menu"}
+
+	<form class="ui form" data-tea-action="$" data-tea-success="success">
+		<input type="hidden" name="firewallPolicyId" :value="firewallPolicyId"/>
+		<table class="ui table selectable definition">
+			<tr>
+				<td class="title">已封禁</td>
+				<td>
+					<div class="ui label tiny" v-for="province in provinces" v-if="province.isChecked" style="margin-bottom: 0.5em">
+						<input type="hidden" name="provinceIds" :value="province.id"/>
+						{{province.name}} <a href="" @click.prevent="deselectProvince(province)" title="取消封禁"><i class="icon remove"></i></a>
+					</div>
+				</td>
+			</tr>
+			<tr>
+				<td>选择封禁区域</td>
+				<td>
+					<more-options-indicator>选择省份/自治区</more-options-indicator>
+
+					<div class="province-list" v-show="moreOptionsVisible">
+						<div class="item" v-for="province in provinces">
+							<div class="ui checkbox" @click.prevent="selectProvince(province)">
+								<input type="checkbox" v-model="province.isChecked"/>
+								<label>{{province.name}}</label>
+							</div>
+						</div>
+					</div>
+					<div class="clear"></div>
+				</td>
+			</tr>
+		</table>
+		<submit-btn></submit-btn>
+	</form>
 </div>
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/ipadmin/provinces.js b/web/views/@default/servers/components/waf/ipadmin/provinces.js
new file mode 100644
index 00000000..bbcb37b9
--- /dev/null
+++ b/web/views/@default/servers/components/waf/ipadmin/provinces.js
@@ -0,0 +1,23 @@
+Tea.context(function () {
+	this.isCheckingAll = false
+
+	this.selectProvince = function (province) {
+		province.isChecked = !province.isChecked
+	}
+
+	this.deselectProvince = function (province) {
+		province.isChecked = false
+	}
+
+	this.checkAll = function () {
+		this.isCheckingAll = !this.isCheckingAll
+
+		this.provinces.forEach(function (province) {
+			province.isChecked = that.isCheckingAll
+		})
+	}
+
+	this.success = function () {
+		teaweb.successToast("保存成功")
+	}
+})
\ No newline at end of file
diff --git a/web/views/@default/servers/components/waf/ipadmin/provinces.less b/web/views/@default/servers/components/waf/ipadmin/provinces.less
new file mode 100644
index 00000000..a9bc1668
--- /dev/null
+++ b/web/views/@default/servers/components/waf/ipadmin/provinces.less
@@ -0,0 +1,11 @@
+.province-list {
+	.item {
+		float: left;
+		width: 12em;
+		margin-bottom: 0.5em;
+
+		.checkbox label {
+			font-size: 12px !important;
+		}
+	}
+}