diff --git a/cmd/api/v5/acl.go b/cmd/api/v5/acl.go
index 2f3af8a..d582ee1 100755
--- a/cmd/api/v5/acl.go
+++ b/cmd/api/v5/acl.go
@@ -42,7 +42,7 @@ func (u ACLRule) Add(c *cli.Context) error {
 		DstIp: c.String("destination"),
 		SrcPort: c.Int("sport"),
 		DstPort: c.Int("dport"),
-		Action: "DROP",
+		Action: "drop",
 	}
 
 	clt := u.NewHttp(c.String("token"))
@@ -63,7 +63,7 @@ func (u ACLRule) Remove(c *cli.Context) error {
 		DstIp: c.String("destination"),
 		SrcPort: c.Int("sport"),
 		DstPort: c.Int("dport"),
-		Action: "DROP",
+		Action: "drop",
 	}
 
 	clt := u.NewHttp(c.String("token"))
@@ -97,6 +97,18 @@ func (u ACLRule) List(c *cli.Context) error {
 	return u.Out(items, c.String("format"), u.Tmpl())
 }
 
+func (u ACLRule) Save(c *cli.Context) error {
+	name := c.String("name")
+	url := u.Url(c.String("url"), name)
+
+	clt := u.NewHttp(c.String("token"))
+	if err := clt.PutJSON(url, nil, nil); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (u ACLRule) Commands() *cli.Command {
 	return &cli.Command{
 		Name: "rule",
@@ -133,6 +145,12 @@ func (u ACLRule) Commands() *cli.Command {
 				Aliases: []string{"ls"},
 				Action: u.List,
 			},
+			{
+				Name: "save",
+				Usage: "Save all acl rules",
+				Aliases: []string{"sa"},
+				Action: u.Save,
+			},
 		},
 	}
 }
diff --git a/pkg/api/acl.go b/pkg/api/acl.go
index 547ebaf..3cf4281 100755
--- a/pkg/api/acl.go
+++ b/pkg/api/acl.go
@@ -15,6 +15,7 @@ func (h ACL) Router(router *mux.Router) {
 	router.HandleFunc("/api/network/{id}/acl", h.List).Methods("GET")
 	router.HandleFunc("/api/network/{id}/acl", h.Add).Methods("POST")
 	router.HandleFunc("/api/network/{id}/acl", h.Del).Methods("DELETE")
+	router.HandleFunc("/api/network/{id}/acl", h.Save).Methods("PUT")
 }
 
 func (h ACL) List(w http.ResponseWriter, r *http.Request) {
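Review bot: The literal `"drop"` written on the `Action:` line of `Add` is now spelled out in three places — here, again in the `Remove` hunk at `@@ -63`, and as the default in `ACLRule.Correct` in pkg/config/acl.go (`@@ -25`) — and the `"DROP"` → `"drop"` edit itself suggests the copies had already drifted in case. A single constant shared by the CLI and the config package, e.g. `const ActionDrop = "drop"` declared next to the config `ACLRule` type, would keep the three in step and let the compiler catch the next mismatch. It is also worth a comment stating whether the switch matches the action case-sensitively, because existing config files that still contain `"DROP"` are not normalized by `Correct` (it only fills in an empty value). Both `Add` and `Remove` continue outside their hunks.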
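Review bot: `Save` wraps `clt.PutJSON(url, nil, nil)` in `if err != nil { return err }` followed by `return nil`, which collapses to `return clt.PutJSON(url, nil, nil)`; the shorter form reads better and drops a branch that adds nothing. The method also has no doc comment; suggested: `// Save asks the switch to persist the ACL rules of the network named by the "name" flag; the PUT carries no body.` The two `nil` arguments presumably stand for the request and response bodies — worth confirming against `PutJSON`'s signature, since a reader cannot tell from here.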
@@ -85,3 +86,18 @@ func (h ACL) Del(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 }
+
+func (h ACL) Save(w http.ResponseWriter, r *http.Request) {
+	vars := mux.Vars(r)
+	id := vars["id"]
+
+	worker := GetWorker(id)
+	if worker == nil {
+		http.Error(w, "Network not found", http.StatusInternalServerError)
+		return
+	}
+	acl := worker.ACLer()
+	acl.Save()
+
+	ResponseJson(w, "success")
+}
diff --git a/pkg/api/api.go b/pkg/api/api.go
index d49a7eb..b56af21 100755
--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@@ -36,6 +36,7 @@ type ACLer interface {
 	AddRule(rule *schema.ACLRule) error
 	DelRule(rule *schema.ACLRule) error
 	ListRules(call func(obj schema.ACLRule))
+	Save()
 }
 
 type ZTruster interface {
diff --git a/pkg/config/acl.go b/pkg/config/acl.go
index 2373b8b..c0da215 100755
--- a/pkg/config/acl.go
+++ b/pkg/config/acl.go
@@ -14,6 +14,15 @@ func (ru *ACL) Save() {
 	}
 }
 
+func (ru *ACL) Correct(sw *Switch) {
+	for _, rule := range ru.Rules {
+		rule.Correct()
+	}
+	if ru.File == "" {
+		ru.File = sw.Dir("acl", ru.Name+".json")
+	}
+}
+
 type ACLRule struct {
 	Name string `json:"name,omitempty"`
 	SrcIp string `json:"source,omitempty"`
@@ -25,4 +34,7 @@ type ACLRule struct {
 }
 
 func (ru *ACLRule) Correct() {
+	if ru.Action == "" {
+		ru.Action = "drop"
+	}
 }
diff --git a/pkg/config/switch.go b/pkg/config/switch.go
index f2f564c..4b8f69e 100755
--- a/pkg/config/switch.go
+++ b/pkg/config/switch.go
@@ -196,6 +196,13 @@ func (s *Switch) LoadNetwork() {
 		if obj.File == "" {
 			obj.File = s.Dir("network", obj.Name+".json")
 		}
+		if _, ok := s.Acl[obj.Name]; !ok {
+			obj := &ACL{
+				Name: obj.Name,
+			}
+			obj.Correct(s)
+			s.Acl[obj.Name] = obj
+		}
 	}
 }
 
@@ -212,16 +219,9 @@ func (s *Switch) LoadAcl() {
 			libol.Error("Switch.LoadAcl %s", err)
 			continue
 		}
+		obj.Correct(s)
 		s.Acl[obj.Name] = obj
 	}
-	for _, obj := range s.Acl {
-		for _, rule := range obj.Rules {
-			rule.Correct()
-		}
-		if obj.File == "" {
-			obj.File = s.Dir("acl", obj.Name+".json")
-		}
-	}
 }
 
 func (s *Switch) Load() error {
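Review bot: `http.Error(w, "Network not found", http.StatusInternalServerError)` reports a miss on the `{id}` path variable as a server fault; that is a client-side error and should be `http.StatusNotFound` (if `Add` and `Del` use the same 500 for this case, change them together). More importantly, `acl.Save()` returns nothing, so `ResponseJson(w, "success")` is sent even when the config file could not be written — the caller of this PUT has no way to learn that the rules were not persisted. Giving `Save` an `error` result in the `ACLer` interface (pkg/api/api.go, `@@ -36`), in `(*ACL).Save` in pkg/switch/acl.go (`@@ -162`) and in the config `(*ACL).Save` whose header (`func (ru *ACL) Save() {`) shows it also returns nothing today would let this handler answer `if err := acl.Save(); err != nil { http.Error(w, "save acl failed", http.StatusInternalServerError); return }`, logging the detailed error server-side rather than echoing file paths to the client. `Del`'s body starts before this hunk.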
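Review bot: `rule.Correct()` inside `for _, rule := range ru.Rules` dereferences each element without a nil check, and `Rules` holds `*ACLRule` (the `append(cfg.Rules, cr)` in pkg/switch/acl.go shows that), so a `null` entry in a hand-edited acl JSON file turns `LoadAcl` into a panic at startup instead of a skipped rule; `if rule == nil { continue }` at the top of the loop would make the loader tolerant. The file path is derived from `ru.Name` via `sw.Dir("acl", ru.Name+".json")`; as far as this diff shows `Name` comes from the loaded config files, but since it becomes a path component that `Save` later writes to, rejecting names containing a path separator here is a cheap safeguard. A doc comment would help, e.g. `// Correct fills in defaults: every rule's Action and, when unset, the acl file path under the switch's acl directory.`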
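Review bot: `obj := &ACL{ Name: obj.Name }` inside the new `if` block in `LoadNetwork` shadows the outer `obj` (the network being iterated) with a value of a different type; it compiles, and `s.Acl[obj.Name] = obj` still lands on the intended key, but the next edit that reaches for the network inside this block will silently get the ACL instead. A distinct name removes the trap: `acl := &ACL{Name: obj.Name}`, `acl.Correct(s)`, `s.Acl[obj.Name] = acl`. The enclosing loop and `LoadNetwork` itself start before the hunk.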
@@ -246,9 +246,6 @@ func (s *Switch) SaveAcl() {
 }
 
 func (s *Switch) SaveNetwork() {
-	if s.Network == nil {
-		return
-	}
 	for _, obj := range s.Network {
 		obj.Save()
 	}
diff --git a/pkg/switch/acl.go b/pkg/switch/acl.go
index 8041263..4c47829 100644
--- a/pkg/switch/acl.go
+++ b/pkg/switch/acl.go
@@ -162,3 +162,20 @@ func (a *ACL) ListRules(call func(obj schema.ACLRule)) {
 		call(obj)
 	}
 }
+
+func (a *ACL) Save() {
+	cfg := co.GetAcl(a.Name)
+	cfg.Rules = nil
+	for _, rule := range a.Rules {
+		cr := &co.ACLRule{
+			DstIp: rule.DstIp,
+			SrcIp: rule.SrcIp,
+			Proto: rule.Proto,
+			DstPort: rule.DstPort,
+			SrcPort: rule.SrcPort,
+			Action: rule.Action,
+		}
+		cfg.Rules = append(cfg.Rules, cr)
+	}
+	cfg.Save()
+}
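Review bot: `cfg := co.GetAcl(a.Name)` is used unguarded on the very next line (`cfg.Rules = nil`); if `GetAcl` can return nil for a name without a config entry — the loader hunks in pkg/config/switch.go now create one per network, but nothing in this file proves every runtime `ACL` has one — the PUT that reaches this method ends in a nil-pointer panic inside the request handler. An early `if cfg == nil { return }` (or an error, once `Save` returns one) is the minimum. The loop reads `a.Rules` while `AddRule`/`DelRule` can mutate it from other API requests; if those methods take a lock on the receiver, `Save` should hold the same lock for the duration of the copy. `cr` also leaves `co.ACLRule.Name` unset — fine if runtime rules carry no name, but a short comment saying so would spare the next reader the question.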