diff --git a/pkg/systemconfigs/security_config.go b/pkg/systemconfigs/security_config.go
index 5a448ef..d8ad08f 100644
--- a/pkg/systemconfigs/security_config.go
+++ b/pkg/systemconfigs/security_config.go
@@ -1,9 +1,31 @@
 package systemconfigs
 
+import "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/shared"
+
 // 安全相关配置
 type SecurityConfig struct {
-	Frame            string  `json:"frame"`
-	AllowCountryIds  []int64 `json:"allowCountryIds"`
-	AllowProvinceIds []int64 `json:"allowProvinceIds"`
-	AllowLocal       bool    `json:"allowLocal"`
+	Frame            string   `json:"frame"`            // Frame嵌套
+	AllowCountryIds  []int64  `json:"allowCountryIds"`  // 允许的国家/地区
+	AllowProvinceIds []int64  `json:"allowProvinceIds"` // 允许的省份
+	AllowLocal       bool     `json:"allowLocal"`       // 允许本地+局域网IP访问
+	AllowIPs         []string `json:"allowIPs"`         // 允许访问的IP
+
+	allowIPRanges []*shared.IPRangeConfig
+}
+
+// 初始化
+func (this *SecurityConfig) Init() error {
+	this.allowIPRanges = []*shared.IPRangeConfig{}
+	for _, allowIP := range this.AllowIPs {
+		r, err := shared.ParseIPRange(allowIP)
+		if err != nil {
+			return err
+		}
+		this.allowIPRanges = append(this.allowIPRanges, r)
+	}
+	return nil
+}
+
+func (this *SecurityConfig) AllowIPRanges() []*shared.IPRangeConfig {
+	return this.allowIPRanges
 }