diff --git a/include/util/taoserror.h b/include/util/taoserror.h
index 257fa67fbf..39bf2b5681 100644
--- a/include/util/taoserror.h
+++ b/include/util/taoserror.h
@@ -250,6 +250,7 @@ int32_t* taosGetErrno();
 #define TSDB_CODE_MND_USER_HOST_EXIST TAOS_DEF_ERROR_CODE(0, 0x035A)
 #define TSDB_CODE_MND_USER_HOST_NOT_EXIST TAOS_DEF_ERROR_CODE(0, 0x035B)
 #define TSDB_CODE_MND_TOO_MANY_USER_HOST TAOS_DEF_ERROR_CODE(0, 0x035C)
+#define TSDB_CODE_MND_USER_LOCAL_HOST_NOT_DROP TAOS_DEF_ERROR_CODE(0, 0x035D)
 // mnode-stable-part1
 #define TSDB_CODE_MND_STB_ALREADY_EXIST TAOS_DEF_ERROR_CODE(0, 0x0360)
diff --git a/source/dnode/mnode/impl/src/mndUser.c b/source/dnode/mnode/impl/src/mndUser.c
index 841ba68198..7c9dce2970 100644
--- a/source/dnode/mnode/impl/src/mndUser.c
+++ b/source/dnode/mnode/impl/src/mndUser.c
@@ -432,8 +432,8 @@ static void ipRangeToStr(SIpV4Range *range, char *buf) {
 addr.s_addr = range->ip;
 uv_inet_ntop(AF_INET, &addr, buf, 32);
- if (range->mask != 32) {
- sprintf(buf + strlen(buf), "/%d", range->mask);
+ if (range->mask == 32) {
+ sprintf(buf + strlen(buf), "/%d", range->mask);
 }
 return;
 }
@@ -446,7 +446,7 @@ static int32_t ipRangeListToStr(SIpV4Range *range, int32_t num, char *buf) {
 for (int i = 0; i < num; i++) {
 char tbuf[36] = {0};
 SIpV4Range *pRange = &range[i];
- if (isDefaultRange(pRange)) continue;
+ // if (isDefaultRange(pRange)) continue;
 ipRangeToStr(&range[i], tbuf);
 len += sprintf(buf + len, "%s,", tbuf);
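Review bot: The flipped condition in ipRangeToStr, `if (range->mask == 32)`, now prints the prefix length only for single-host entries, so any other range (a /24, say) is rendered as a bare address and an operator reading the list would see a narrower rule than the one actually stored. If the intent is to make the loopback entry show its mask, appending it unconditionally keeps every entry unambiguous: `sprintf(buf + strlen(buf), "/%d", range->mask);` without the surrounding `if`. The function opens in the hunk header, above the lines shown.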
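Review bot: The skip in ipRangeListToStr is disabled by commenting the line out rather than deleting it, which leaves dead code behind and makes `pRange` an unused local, since the call below already uses `&range[i]`. Remove both lines, or keep `pRange` and pass it: `ipRangeToStr(pRange, tbuf);`. Because the default entry is now emitted too, each list grows by one item written through the unbounded `sprintf(buf + len, ...)`; the size of `buf` is chosen by callers outside this hunk, so it is worth confirming it still has room. The loop and the function continue past the end of the hunk.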
@@ -1118,12 +1118,23 @@ static int32_t mndCreateUser(SMnode *pMnode, char *acct, SCreateUserReq *pCreate
 userObj.pIpWhiteList = createDefaultIpWhiteList();
 } else {
- SIpWhiteList *p = taosMemoryCalloc(1, sizeof(SIpWhiteList) + pCreate->numIpRanges * sizeof(SIpV4Range));
+ SIpWhiteList *p = taosMemoryCalloc(1, sizeof(SIpWhiteList) + pCreate->numIpRanges * sizeof(SIpV4Range) + 1);
+ bool localHost = false;
 for (int i = 0; i < pCreate->numIpRanges; i++) {
 p->pIpRange[i].ip = pCreate->pIpRanges[i].ip;
 p->pIpRange[i].mask = pCreate->pIpRanges[i].mask;
+
+ if (isDefaultRange(&pCreate->pIpRanges[i])) {
+ localHost = true;
+ }
+ }
+ if (localHost == false) {
+ p->pIpRange[pCreate->numIpRanges].ip = 16777343;
+ p->pIpRange[pCreate->numIpRanges].mask = 32;
+ p->num = pCreate->numIpRanges + 1;
+ } else {
+ p->num = pCreate->numIpRanges;
 }
- p->num = pCreate->numIpRanges;
 userObj.pIpWhiteList = p;
 }
@@ -1705,6 +1716,7 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
 int32_t num = pUser->pIpWhiteList->num;
 SIpWhiteList *pNew = taosMemoryCalloc(1, sizeof(SIpWhiteList) + sizeof(SIpV4Range) * num);
 bool noexist = true;
+ bool localHost = false;
 if (pUser->pIpWhiteList->num > 0) {
 int idx = 0;
@@ -1713,16 +1725,21 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
 bool found = false;
 for (int j = 0; j < alterReq.numIpRanges; j++) {
 SIpV4Range *range = &alterReq.pIpRanges[j];
- if (!isDefaultRange(range) && isIpRangeEqual(oldRange, range)) {
+ if (isDefaultRange(range)) {
+ localHost = true;
+ break;
+ }
+ if (isIpRangeEqual(oldRange, range)) {
 found = true;
 break;
 }
 }
+ if (localHost) break;
+
 if (found == false) {
 memcpy(&pNew->pIpRange[idx], oldRange, sizeof(SIpV4Range));
 idx++;
- }
- if (found == true) {
+ } else {
 noexist = false;
 }
 }
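Review bot: The new allocation in mndCreateUser adds `+ 1` byte, not one more element, so the write to `p->pIpRange[pCreate->numIpRanges]` in the `localHost == false` branch lands past the end of the heap block. Size it for the extra entry, `taosMemoryCalloc(1, sizeof(SIpWhiteList) + (pCreate->numIpRanges + 1) * sizeof(SIpV4Range))`, and check `p` for NULL before the loop dereferences it. The literal `16777343` also deserves a named constant or a comment: it looks like 127.0.0.1 as laid out in `s_addr` on a little-endian host, which would not hold on a big-endian one. The enclosing function starts and ends outside the hunk.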
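Review bot: The loopback test is nested inside the scan of the user's existing entries, so it needs a flag and two `break`s to get out, it only runs while that scan is running, and `pNew` has already been allocated and possibly part-filled by the time the request is rejected in a later hunk. Checking `alterReq.pIpRanges` once, before `pNew` is allocated, would make the rejection independent of the current list contents and let the inner loop go back to a plain equality match. The added `if (localHost) break;` also drops the braces used everywhere else in this block. The enclosing loops and function extend beyond the hunk; a sketch of the up-front check follows.

```c
// validate the request before pNew is built
for (int j = 0; j < alterReq.numIpRanges; j++) {
  if (isDefaultRange(&alterReq.pIpRanges[j])) {
    terrno = TSDB_CODE_MND_USER_LOCAL_HOST_NOT_DROP;
    code = terrno;
    goto _OVER;
  }
}
// … unchanged: allocation of pNew and the copy loop, matching with isIpRangeEqual only …
```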
@@ -1735,6 +1752,12 @@ static int32_t mndProcessAlterUserReq(SRpcMsg *pReq) {
 newUser.pIpWhiteList = pNew;
 newUser.ipWhiteListVer = pUser->ipWhiteListVer + 1;
 }
+
+ if (localHost) {
+ terrno = TSDB_CODE_MND_USER_LOCAL_HOST_NOT_DROP;
+ code = terrno;
+ goto _OVER;
+ }
 if (noexist) {
 terrno = TSDB_CODE_MND_USER_HOST_NOT_EXIST;
 code = terrno;
diff --git a/source/libs/transport/src/transSvr.c b/source/libs/transport/src/transSvr.c
index 42675ffc91..fd00c6b773 100644
--- a/source/libs/transport/src/transSvr.c
+++ b/source/libs/transport/src/transSvr.c
@@ -325,7 +325,7 @@ bool uvWhiteListFilte(SIpWhiteListTab* pWhite, char* user, uint32_t ip, int64_t
 }
 bool uvWhiteListCheckConn(SIpWhiteListTab* pWhite, SSvrConn* pConn) {
 if (pConn->inType == TDMT_MND_STATUS || pConn->inType == TDMT_MND_RETRIEVE_IP_WHITE ||
- pConn->serverIp == pConn->clientIp ||
+ pConn->serverIp == pConn->clientIp ||
 pWhite->ver == pConn->whiteListVer /*|| strncmp(pConn->user, "_dnd", strlen("_dnd")) == 0*/)
 return true;
diff --git a/source/util/src/terror.c b/source/util/src/terror.c
index 0b014fb31f..2a03ded4a9 100644
--- a/source/util/src/terror.c
+++ b/source/util/src/terror.c
@@ -197,6 +197,7 @@ TAOS_DEFINE_ERROR(TSDB_CODE_MND_PRIVILEDGE_EXIST, "User already have thi
 TAOS_DEFINE_ERROR(TSDB_CODE_MND_USER_HOST_EXIST, "Host already exist in ip white list")
 TAOS_DEFINE_ERROR(TSDB_CODE_MND_USER_HOST_NOT_EXIST, "Host not exist in ip white list")
 TAOS_DEFINE_ERROR(TSDB_CODE_MND_TOO_MANY_USER_HOST, "Too many host in ip white list")
+TAOS_DEFINE_ERROR(TSDB_CODE_MND_USER_LOCAL_HOST_NOT_DROP, "Host can not be dropped")
 //mnode-stable-part1
 TAOS_DEFINE_ERROR(TSDB_CODE_MND_STB_ALREADY_EXIST, "STable already exists")
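Review bot: The new `if (localHost)` rejection sits after context lines that may already have attached the part-built `pNew` to `newUser` and bumped `ipWhiteListVer`, so the error path relies on `_OVER` to discard that state. The label is outside this hunk, so confirm that it frees `newUser.pIpWhiteList`. A one-line comment above the check would also help the next reader, for example `// the loopback entry is added implicitly at user creation and may not be removed`. The enclosing function starts and ends outside the hunk.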
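Review bot: The message added for TSDB_CODE_MND_USER_LOCAL_HOST_NOT_DROP, `"Host can not be dropped"`, does not say which host was refused or in what context, while the neighbouring entries all name the ip white list. Wording such as `"Local host can not be dropped from ip white list"` would tell the operator what was rejected.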