diff --git a/modules/core/src/main/java/com/jeesite/modules/config/web/IpAddrFilterConfig.java b/modules/core/src/main/java/com/jeesite/modules/config/web/IpAddrFilterConfig.java
new file mode 100644
index 00000000..d26eb22a
--- /dev/null
+++ b/modules/core/src/main/java/com/jeesite/modules/config/web/IpAddrFilterConfig.java
@@ -0,0 +1,80 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.config.web;
+
+import com.jeesite.common.config.Global;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.web.http.ServletUtils;
+import jakarta.servlet.Filter;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.Ordered;
+
+/**
+ * IP地址黑白名单过滤器配置
+ */
+@Configuration(proxyBeanMethods = false)
+public class IpAddrFilterConfig {
+
+ private static long clearCacheTime;
+ private static String[] allowPrefixes;
+ private static String[] denyPrefixes;
+
+ @Bean
+ public FilterRegistrationBean ipAddrFilter() {
+ FilterRegistrationBean bean = new FilterRegistrationBean<>();
+ bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ bean.setFilter((setvletRequest, setvletResponse, chain) -> {
+ if (isAccessAllowed(setvletRequest, setvletResponse)) {
+ chain.doFilter(setvletRequest, setvletResponse);
+ } else {
+ HttpServletResponse response = (HttpServletResponse) setvletResponse;
+ response.setStatus(403);
+ ServletUtils.renderString(response, Global.getText("访问拒绝"));
+ }
+ });
+ bean.addUrlPatterns("/*");
+ return bean;
+ }
+
+ private boolean isAccessAllowed(ServletRequest request, ServletResponse response) {
+ if (clearCacheTime == 0 || clearCacheTime != Global.getClearCacheTime()) {
+ allowPrefixes = Global.getConfigToArray("sys.filter.allowIpAddrs", StringUtils.EMPTY);
+ denyPrefixes = Global.getConfigToArray("sys.filter.denyIpAddrs", StringUtils.EMPTY);
+ clearCacheTime = Global.getClearCacheTime();
+ }
+ // 如果未初始化,直接拒绝
+ if (allowPrefixes == null || denyPrefixes == null) {
+ return false;
+ }
+ // 如果未设置黑白名单,直接通过
+ if (allowPrefixes.length == 0 && denyPrefixes.length == 0) {
+ return true;
+ }
+ // 如果未设置白名单,则直接通过白名单,再从黑名单中检查
+ boolean result = allowPrefixes.length == 0;
+ String ip = request.getRemoteAddr() + "]";
+ for (String prefix : allowPrefixes) {
+ if (StringUtils.startsWithIgnoreCase(ip, StringUtils.trim(prefix))){
+ result = true;
+ break;
+ }
+ }
+ for (String prefix : denyPrefixes) {
+ if (StringUtils.startsWithIgnoreCase(ip, StringUtils.trim(prefix))){
+ result = false;
+ break;
+ }
+ }
+ if (result) {
+ return true;
+ }
+ return false;
+ }
+}
diff --git a/modules/core/src/main/java/com/jeesite/modules/sys/db/InitCoreData.xlsx b/modules/core/src/main/java/com/jeesite/modules/sys/db/InitCoreData.xlsx
index 60957bbf..6d4b87c2 100644
Binary files a/modules/core/src/main/java/com/jeesite/modules/sys/db/InitCoreData.xlsx and b/modules/core/src/main/java/com/jeesite/modules/sys/db/InitCoreData.xlsx differ
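Review bot: The allow/deny match in isAccessAllowed is a plain string prefix test on `request.getRemoteAddr() + "]"`, so an entry written without a terminating `.` or `]` covers more addresses than it reads as (a constructed example: `10.1` also matches `10.10.x.x` and `10.100.x.x`), and nothing in the file documents that the `]` suffix appears to be the exact-match terminator. An entry that trims to the empty string matches every client, so a stray separator in `sys.filter.allowIpAddrs` becomes allow-all (or deny-all in `sys.filter.denyIpAddrs`), assuming getConfigToArray can return blank elements; adding `if (prefix == null || prefix.trim().isEmpty()) continue;` at the top of both loops closes that. A comment above the `String ip = ...` line should state the expected entry format and that getRemoteAddr() is the peer address, which behind a reverse proxy is the proxy rather than the client. The three static fields are also reloaded from request threads without `volatile` or a lock, so a request can briefly evaluate a new allow list against the old deny list.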