diff --git a/cmd/climc/shell/compute/secgroups.go b/cmd/climc/shell/compute/secgroups.go
index 132afdde90..5402f62fcd 100644
--- a/cmd/climc/shell/compute/secgroups.go
+++ b/cmd/climc/shell/compute/secgroups.go
@@ -29,23 +29,15 @@ func init() {
 		Equals string `help:"Secgroup ID or Name, filter secgroups whose rules equals the specified one"`
 		Server string `help:"Filter secgroups bound to specified server"`
 		options.BaseListOptions
+		Ip        string `help:"Filter secgroup by ip"`
+		Ports     string `help:"Filter secgroup by ports"`
+		Direction string `help:"Filter secgroup by ports" choices:"all|in|out"`
 	}
 
 	R(&SecGroupsListOptions{}, "secgroup-list", "List all security group", func(s *mcclient.ClientSession, args *SecGroupsListOptions) error {
-		var params *jsonutils.JSONDict
-		{
-			var err error
-			params, err = args.BaseListOptions.Params()
-			if err != nil {
-				return err
-
-			}
-		}
-		if len(args.Equals) > 0 {
-			params.Add(jsonutils.NewString(args.Equals), "equals")
-		}
-		if len(args.Server) > 0 {
-			params.Add(jsonutils.NewString(args.Server), "server")
+		params, err := options.ListStructToParams(args)
+		if err != nil {
+			return err
 		}
 		result, err := modules.SecGroups.List(s, params)
 		if err != nil {
diff --git a/pkg/apis/compute/secgroup.go b/pkg/apis/compute/secgroup.go
index 06000bc41f..7324835525 100644
--- a/pkg/apis/compute/secgroup.go
+++ b/pkg/apis/compute/secgroup.go
@@ -145,8 +145,18 @@ type SecgroupListInput struct {
 	// pattern:asc|desc
 	OrderByGuestCnt string `json:"order_by_guest_cnt"`
 
-	// 是否被修改
-	IsDirty *bool `json:"is_dirty"`
+	// 模糊过滤规则中含有指定ip的安全组
+	// example: 10.10.2.1
+	Ip string `json:"ip"`
+
+	// 精确匹配规则中含有指定端口的安全组
+	// example: 100-200
+	Ports string `json:"ports"`
+
+	// 指定过滤规则的方向(仅在指定ip或ports时生效) choices: all|in|out
+	// default: all
+	// example: in
+	Direction string `json:"direction"`
 }
 
 type SecurityGroupCacheListInput struct {
diff --git a/pkg/compute/models/secgroups.go b/pkg/compute/models/secgroups.go
index ef1c4027ae..feaa8c6003 100644
--- a/pkg/compute/models/secgroups.go
+++ b/pkg/compute/models/secgroups.go
@@ -144,12 +144,18 @@ func (manager *SSecurityGroupManager) ListItemFilter(
 		q = q.Filter(sqlchemy.OR(filters...))
 	}
 
-	if input.IsDirty != nil {
-		if *input.IsDirty {
-			q = q.IsTrue("is_dirty")
-		} else {
-			q = q.IsFalse("is_dirty")
+	if len(input.Ip) > 0 || len(input.Ports) > 0 {
+		sq := SecurityGroupRuleManager.Query("secgroup_id")
+		if len(input.Ip) > 0 {
+			sq = sq.Like("cidr", input.Ip+"%")
 		}
+		if len(input.Ports) > 0 {
+			sq = sq.Equals("ports", input.Ports)
+		}
+		if utils.IsInStringArray(input.Direction, []string{"in", "out"}) {
+			sq = sq.Equals("direction", input.Direction)
+		}
+		q = q.In("id", sq.SubQuery())
 	}
 
 	return q, nil