diff --git a/class/core/firewall_api.py b/class/core/firewall_api.py
index 1b21e4451..9ada1f191 100755
--- a/class/core/firewall_api.py
+++ b/class/core/firewall_api.py
@@ -456,8 +456,8 @@ class firewall_api:
 elif self.__isMac:
 return False
 else:
- cmd = "ps -ef|grep iptables |grep -v grep | awk '{print $2}'"
+ cmd = "systemctl status iptables | grep 'inactive'"
 data = mw.execShell(cmd)
- if data[0] == '':
+ if data[0] != '':
 return False
 return True
diff --git a/scripts/install/rhel.sh b/scripts/install/rhel.sh
index 6988bcc0f..da2536500 100644
--- a/scripts/install/rhel.sh
+++ b/scripts/install/rhel.sh
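Review bot: In `class/core/firewall_api.py` the new status check fails open, because anything other than a literal 'inactive' in the `systemctl status` output is treated as running. A unit in the `failed` state, a missing iptables unit, or a host without systemctl would all leave `data[0]` empty (assuming `data[0]` is the command's stdout), so the method returns True and the panel reports the firewall as on when no rules may be loaded. Matching the positive state fails closed instead: `cmd = "systemctl is-active iptables"` followed by `if data[0].strip() != 'active': return False`. The enclosing method starts outside the hunk, so the earlier branches of this if/elif chain are not visible here.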
@@ -40,20 +40,20 @@ if [ -f /usr/sbin/iptables ];then # iptables -nL --line-number echo "iptables start" - - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT - iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT - # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT - service iptables save - - iptables_status=`service iptables status | grep 'not running'` - if [ "${iptables_status}" == '' ];then + iptables_status=`systemctl status iptables | grep 'inactive'` + if [ "${iptables_status}" != '' ];then service iptables restart + + iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT + iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT + iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT + iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 888 -j ACCEPT + # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 7200 -j ACCEPT + # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT + # iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 30000:40000 -j ACCEPT + service iptables save fi + # 安装时不开启 # stop之后清空了所有规则,所以安装是不能stop. # 要在代码修复这个问题,开启时,重新执行一下放行端口。
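Review bot: The four `iptables -I INPUT ... -j ACCEPT` lines now run straight after `service iptables restart`, so they land at the top of INPUT, above whatever saved ruleset the restart loaded, and `service iptables save` then persists them; any existing source restriction or rate limit on port 22 would be bypassed from then on. They are also not idempotent, so re-running the installer while the unit is inactive stacks duplicate rules. A check guard avoids the duplicates, e.g. `iptables -C INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 2>/dev/null || iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT`. The `grep 'inactive'` test would be more reliable as `if ! systemctl is-active --quiet iptables; then`, since a failed or missing unit most likely prints no 'inactive' line and silently skips the whole block. The outer `if [ -f /usr/sbin/iptables ]` opens and closes outside the hunk.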