diff --git a/internal/apps/phpmyadmin/service.go b/internal/apps/phpmyadmin/service.go
index 82456fe8..67359587 100644
--- a/internal/apps/phpmyadmin/service.go
+++ b/internal/apps/phpmyadmin/service.go
@@ -80,7 +80,8 @@ func (s *Service) UpdatePort(w http.ResponseWriter, r *http.Request) {
 err = fw.Port(firewall.FireInfo{
 PortStart: req.Port,
 PortEnd: req.Port,
- Protocol: "tcp",
+ Direction: firewall.DirectionIn,
+ Strategy: firewall.StrategyAccept,
 }, firewall.OperationAdd)
 if err != nil {
 service.Error(w, http.StatusInternalServerError, "%v", err)
diff --git a/internal/apps/pureftpd/service.go b/internal/apps/pureftpd/service.go
index 642f16a9..9bdd47b3 100644
--- a/internal/apps/pureftpd/service.go
+++ b/internal/apps/pureftpd/service.go
@@ -158,7 +158,8 @@ func (s *Service) UpdatePort(w http.ResponseWriter, r *http.Request) {
 err = fw.Port(firewall.FireInfo{
 PortStart: req.Port,
 PortEnd: req.Port,
- Protocol: "tcp",
+ Direction: firewall.DirectionIn,
+ Strategy: firewall.StrategyAccept,
 }, firewall.OperationAdd)
 if err != nil {
 service.Error(w, http.StatusInternalServerError, "%v", err)
diff --git a/internal/data/setting.go b/internal/data/setting.go
index 79548172..1e64813a 100644
--- a/internal/data/setting.go
+++ b/internal/data/setting.go
@@ -207,7 +207,8 @@ func (r *settingRepo) UpdatePanelSetting(ctx context.Context, setting *request.P
 err = fw.Port(firewall.FireInfo{
 PortStart: uint(config.HTTP.Port),
 PortEnd: uint(config.HTTP.Port),
- Protocol: "tcp",
+ Direction: firewall.DirectionIn,
+ Strategy: firewall.StrategyAccept,
 }, firewall.OperationAdd)
 if err != nil {
 return false, err
diff --git a/internal/service/firewall.go b/internal/service/firewall.go
index 3afbc445..4562dcab 100644
--- a/internal/service/firewall.go
+++ b/internal/service/firewall.go
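Review bot: Dropping `Protocol: "tcp",` leaves FireInfo.Protocol at its zero value in this call, and nothing visible in the Port hunk of pkg/firewall/firewall.go fills in a default: `strings.Split(string(rule.Protocol), "/")` on an empty string yields one empty element, so the `--%s-port=%d-%d/%s` command is rendered with nothing after the slash, which firewall-cmd is unlikely to accept (unless Port defaults the field somewhere outside its hunk). The pureftpd UpdatePort hunk and the setting.go UpdatePanelSetting hunk make the identical edit. Keep the field and use the new constant, `Protocol: firewall.ProtocolTCP,`, in all three call sites; alternatively Port could reject or default an empty Protocol so the mistake is caught once. UpdatePort begins and ends outside the hunk.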
@@ -80,7 +80,7 @@ func (s *FirewallService) CreateRule(w http.ResponseWriter, r *http.Request) {
 }
 if err = s.firewall.Port(firewall.FireInfo{
- Family: req.Family, PortStart: req.PortStart, PortEnd: req.PortEnd, Protocol: req.Protocol, Address: req.Address, Strategy: req.Strategy, Direction: req.Direction,
+ Family: req.Family, PortStart: req.PortStart, PortEnd: req.PortEnd, Protocol: firewall.Protocol(req.Protocol), Address: req.Address, Strategy: firewall.Strategy(req.Strategy), Direction: firewall.Direction(req.Direction),
 }, firewall.OperationAdd); err != nil {
 Error(w, http.StatusInternalServerError, "%v", err)
 return
@@ -97,7 +97,7 @@ func (s *FirewallService) DeleteRule(w http.ResponseWriter, r *http.Request) {
 }
 if err = s.firewall.Port(firewall.FireInfo{
- Family: req.Family, PortStart: req.PortStart, PortEnd: req.PortEnd, Protocol: req.Protocol, Address: req.Address, Strategy: req.Strategy, Direction: req.Direction,
+ Family: req.Family, PortStart: req.PortStart, PortEnd: req.PortEnd, Protocol: firewall.Protocol(req.Protocol), Address: req.Address, Strategy: firewall.Strategy(req.Strategy), Direction: firewall.Direction(req.Direction),
 }, firewall.OperationRemove); err != nil {
 Error(w, http.StatusInternalServerError, "%v", err)
 return
diff --git a/pkg/firewall/consts.go b/pkg/firewall/consts.go
index 56db02e6..13b82a17 100644
--- a/pkg/firewall/consts.go
+++ b/pkg/firewall/consts.go
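Review bot: `firewall.Protocol(req.Protocol)`, `firewall.Strategy(req.Strategy)` and `firewall.Direction(req.Direction)` are bare conversions, so the new field types do not narrow the request values at all: whatever strings the client sent still reach the firewall-cmd command line that Port and RichRules assemble with shell.Execf (if the request binding above the hunk validates these fields, that is not visible here). Of the three, only Direction is checked later, in RichRules, and only inside its address branch; Strategy and Protocol are never compared with the defined constants. Validate each value against `ProtocolTCP`/`ProtocolUDP`/`ProtocolTCPUDP`, `StrategyAccept`/`StrategyDrop`/`StrategyReject` and `DirectionIn`/`DirectionOut` before calling Port and reject a mismatch with `Error(w, http.StatusUnprocessableEntity, "invalid rule: %v", err)` — a small `switch` per field, or a `Valid() bool` method on each type in pkg/firewall/consts.go, keeps this in one place. The DeleteRule hunk below has the same three conversions. CreateRule starts before the hunk.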
@@ -1,26 +1,56 @@
 package firewall
+type Operation string
+
+var (
+ OperationAdd Operation = "add" // 添加
+ OperationRemove Operation = "remove" // 移除
+)
+
+type Protocol string
+
+var (
+ ProtocolTCP Protocol = "tcp" // tcp
+ ProtocolUDP Protocol = "udp" // udp
+ ProtocolTCPUDP Protocol = "tcp/udp" // tcp/udp
+)
+
+type Strategy string
+
+var (
+ StrategyAccept Strategy = "accept" // 接受
+ StrategyDrop Strategy = "drop" // 丢弃
+ StrategyReject Strategy = "reject" // 拒绝
+)
+
+type Direction string
+
+var (
+ DirectionIn Direction = "in" // 传入
+ DirectionOut Direction = "out" // 传出
+)
+
 type FireInfo struct {
- Family string `json:"family"` // ipv4 ipv6
- Address string `json:"address"` // 源地址或目标地址
- PortStart uint `json:"port_start"` // 1-65535
- PortEnd uint `json:"port_end"` // 1-65535
- Protocol string `json:"protocol"` // tcp udp tcp/udp
- Strategy string `json:"strategy"` // accept drop reject
- Direction string `json:"direction"` // in out 入站或出站
+ Family string `json:"family"` // ipv4 ipv6
+ Address string `json:"address"` // 源地址或目标地址
+ PortStart uint `json:"port_start"` // 1-65535
+ PortEnd uint `json:"port_end"` // 1-65535
+ Protocol Protocol `json:"protocol"` // tcp udp tcp/udp
+ Strategy Strategy `json:"strategy"` // accept drop reject
+ Direction Direction `json:"direction"` // in out 入站或出站
 }
 type FireForwardInfo struct {
- Address string `json:"address"`
- Port uint `json:"port"` // 1-65535
- Protocol string `json:"protocol"` // tcp udp tcp/udp
- TargetIP string `json:"targetIP"`
- TargetPort string `json:"targetPort"` // 1-65535
+ Address string `json:"address"` // 源地址
+ Port uint `json:"port"` // 1-65535
+ Protocol Protocol `json:"protocol"` // tcp udp tcp/udp
+ TargetIP string `json:"targetIP"` // 目标地址
+ TargetPort string `json:"targetPort"` // 1-65535
 }
 type Forward struct {
- Protocol string `json:"protocol"`
- Port uint `json:"port"` // 1-65535
- TargetIP string `json:"targetIP"`
- TargetPort uint `json:"targetPort"` // 1-65535
+ Protocol Protocol `json:"protocol"` // tcp udp tcp/udp
+ Port uint `json:"port"` // 1-65535
+ TargetIP string `json:"targetIP"` // 目标地址
+ TargetPort uint `json:"targetPort"` // 1-65535
 }
diff --git a/pkg/firewall/firewall.go b/pkg/firewall/firewall.go
index cd26bba2..b1c2f3f6 100644
--- a/pkg/firewall/firewall.go
+++ b/pkg/firewall/firewall.go
@@ -14,13 +14,6 @@ import (
 "github.com/TheTNB/panel/pkg/systemctl"
 )
-type Operation string
-
-var (
- OperationAdd Operation = "add"
- OperationRemove Operation = "remove"
-)
-
 type Firewall struct {
 forwardListRegex *regexp.Regexp
 richRuleRegex *regexp.Regexp
@@ -70,7 +63,7 @@ func (r *Firewall) ListRule() ([]FireInfo, error) {
 item.PortStart = cast.ToUint(ruleItem[0])
 item.PortEnd = cast.ToUint(ruleItem[0])
 }
- item.Protocol = ruleItem[1]
+ item.Protocol = Protocol(ruleItem[1])
 }
 item.Family = "ipv4"
 item.Strategy = "accept"
@@ -112,7 +105,7 @@ func (r *Firewall) ListForward() ([]FireForwardInfo, error) {
 }
 data = append(data, FireForwardInfo{
 Port: cast.ToUint(match[1]),
- Protocol: match[2],
+ Protocol: Protocol(match[2]),
 TargetIP: match[4],
 TargetPort: match[3],
 })
@@ -154,7 +147,7 @@ func (r *Firewall) Port(rule FireInfo, operation Operation) error {
 return r.RichRules(rule, operation)
 }
- protocols := strings.Split(rule.Protocol, "/")
+ protocols := strings.Split(string(rule.Protocol), "/")
 for protocol := range slices.Values(protocols) {
 stdout, err := shell.Execf("firewall-cmd --zone=public --%s-port=%d-%d/%s --permanent", operation, rule.PortStart, rule.PortEnd, protocol)
 if err != nil {
@@ -167,7 +160,7 @@ func (r *Firewall) Port(rule FireInfo, operation Operation) error {
 }
 func (r *Firewall) RichRules(rule FireInfo, operation Operation) error {
- protocols := strings.Split(rule.Protocol, "/")
+ protocols := strings.Split(string(rule.Protocol), "/")
 for protocol := range slices.Values(protocols) {
 var ruleBuilder strings.Builder
 ruleBuilder.WriteString(fmt.Sprintf(`rule family="%s" `, rule.Family))
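Review bot: The four enumerations are declared with `var (`, which makes `OperationAdd`, `ProtocolTCP`, `StrategyAccept`, `DirectionIn` and the rest mutable package-level state that any importer can reassign at runtime; string-typed values like these compile fine as constants, so each block header should read `const (` instead. The named types are also open: any string converts with `Protocol(s)`, so code that takes these values from requests (the CreateRule/DeleteRule hunks in internal/service/firewall.go) still needs an explicit membership check — a `Valid() bool` method per type, defined next to its constants, would give callers one place to do it. The new `ProtocolTCPUDP = "tcp/udp"` encodes two protocols in one value and Port/RichRules split it on "/"; a one-line comment on that constant saying the slash is significant to those callers would save the next reader a trip through firewall.go.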
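Review bot: Right below the changed `item.Protocol = Protocol(ruleItem[1])` line, the context lines `item.Family = "ipv4"` and `item.Strategy = "accept"` still spell the strategy as a raw literal even though the typed field now has a named value; `item.Strategy = StrategyAccept` keeps ListRule in step with the constants introduced in consts.go and makes a later rename a compile error rather than a silent mismatch. The same applies to the `"out"` comparison in the RichRules hunk further down. ListRule starts and ends outside the hunk.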
@@ -177,6 +170,8 @@ func (r *Firewall) RichRules(rule FireInfo, operation Operation) error {
 ruleBuilder.WriteString(fmt.Sprintf(`source address="%s" `, rule.Address))
 } else if rule.Direction == "out" {
 ruleBuilder.WriteString(fmt.Sprintf(`destination address="%s" `, rule.Address))
+ } else if rule.Direction != "" {
+ return fmt.Errorf("invalid direction: %s", rule.Direction)
 }
 }
 if rule.PortStart != 0 && rule.PortEnd != 0 && (rule.PortStart != 1 && rule.PortEnd != 65535) { // 1-65535是解析出来无端口规则的情况
@@ -189,7 +184,7 @@ func (r *Firewall) RichRules(rule FireInfo, operation Operation) error {
 ruleBuilder.WriteString(fmt.Sprintf(`protocol="%s" `, protocol))
 }
- ruleBuilder.WriteString(rule.Strategy)
+ ruleBuilder.WriteString(string(rule.Strategy))
 _, err := shell.Execf("firewall-cmd --zone=public --%s-rich-rule '%s' --permanent", operation, ruleBuilder.String())
 if err != nil {
 return fmt.Errorf("%s rich rules (%s) failed, err: %v", operation, ruleBuilder.String(), err)
@@ -236,8 +231,8 @@ func (r *Firewall) parseRichRule(line string) (FireInfo, error) {
 fireInfo := FireInfo{
 Family: match[1],
 Address: match[3],
- Protocol: match[5],
- Strategy: match[6],
+ Protocol: Protocol(match[5]),
+ Strategy: Strategy(match[6]),
 }
 if match[2] == "destination" {
diff --git a/web/src/main.ts b/web/src/main.ts
index f06a11db..3af24c0f 100644
--- a/web/src/main.ts
+++ b/web/src/main.ts
@@ -33,7 +33,7 @@ async function setupApp() {
 app.mount('#app')
 }
-const title = ref('')
+const title = ref(import.meta.env.VITE_APP_TITLE)
 const setupPanel = async () => {
 const themeStore = useThemeStore()
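Review bot: The new `else if rule.Direction != ""` guard sits inside an enclosing `if` whose opening line is above the hunk (the two `}` context lines after it close both), and that wrapper appears to be conditioned on Address, so a rule with an unknown Direction but no Address is not rejected and still goes to firewall-cmd; the chain also compares against the literal `"out"` (and presumably `"in"` just above) instead of the new `DirectionIn`/`DirectionOut` constants. Hoist the check to the top of RichRules, before the protocol loop, as `if rule.Direction != "" && rule.Direction != DirectionIn && rule.Direction != DirectionOut {` / `return fmt.Errorf("invalid direction: %s", rule.Direction)` / `}`, and switch the remaining comparisons to the constants. Doing it once outside the loop also avoids re-validating the same field for every protocol. RichRules begins and ends outside the hunk.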
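Review bot: `ruleBuilder.WriteString(string(rule.Strategy))` appends the strategy to the rich rule unchecked, and the next line interpolates that rule text into the shell command inside single quotes, so a Strategy that is not one of the three defined values is handed straight to shell.Execf; the typed field now makes the closed set explicit, so confine the value before building: `if rule.Strategy != StrategyAccept && rule.Strategy != StrategyDrop && rule.Strategy != StrategyReject {` / `return fmt.Errorf("invalid strategy: %s", rule.Strategy)` / `}`. Placed before the loop it runs once and rejects the rule before the first firewall-cmd invocation. The `rule family="%s"` value written in the previous hunk is interpolated the same way and is worth the same treatment. RichRules continues outside the hunk.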
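Review bot: `ref(import.meta.env.VITE_APP_TITLE)` holds `undefined` when that variable is absent from the build environment, whereas the previous `ref('')` guaranteed a string; if title is concatenated or assigned to document.title later (outside the hunk), the empty-string default is lost. `const title = ref(import.meta.env.VITE_APP_TITLE ?? '')` keeps the old fallback while still picking up the configured value. setupPanel continues outside the hunk.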