diff --git a/internal/firewalls/.gitignore b/internal/firewalls/.gitignore
new file mode 100644
index 0000000..c1b01e3
--- /dev/null
+++ b/internal/firewalls/.gitignore
@@ -0,0 +1 @@
+firewall_nftables_test.go
\ No newline at end of file
diff --git a/internal/firewalls/firewall.go b/internal/firewalls/firewall.go
index 1c156da..96aa19a 100644
--- a/internal/firewalls/firewall.go
+++ b/internal/firewalls/firewall.go
@@ -1,10 +1,13 @@
 // Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+//go:build !plus
+// +build !plus
 package firewalls
 import (
 "github.com/TeaOSLab/EdgeNode/internal/events"
 "github.com/TeaOSLab/EdgeNode/internal/remotelogs"
+ "runtime"
 )
 var currentFirewall FirewallInterface
@@ -13,9 +16,7 @@ var currentFirewall FirewallInterface
 func init() {
 events.On(events.EventLoaded, func() {
 var firewall = Firewall()
- if firewall.Name() == "mock" {
- remotelogs.Warn("FIREWALL", "'firewalld' on this system should be enabled to block attackers more effectively")
- } else {
+ if firewall.Name() != "mock" {
 remotelogs.Println("FIREWALL", "found local firewall '"+firewall.Name()+"'")
 }
 })
@@ -28,7 +29,7 @@ func Firewall() FirewallInterface {
 }
 // firewalld
- {
+ if runtime.GOOS == "linux" {
 var firewalld = NewFirewalld()
 if firewalld.IsReady() {
 currentFirewall = firewalld
diff --git a/internal/firewalls/firewall_firewalld.go b/internal/firewalls/firewall_firewalld.go
index 65b4f7d..971675d 100644
--- a/internal/firewalls/firewall_firewalld.go
+++ b/internal/firewalls/firewall_firewalld.go
@@ -27,6 +27,8 @@ func NewFirewalld() *Firewalld {
 err := cmd.Run()
 if err == nil {
 firewalld.exe = path
+ // TODO check firewalld status with 'firewall-cmd --state' (running or not running),
+ // but we should recover the state when firewalld state changes, maybe check it every minutes
 firewalld.isReady = true
 firewalld.init()
 }
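Review bot: In the import block of firewall.go, `"runtime"` is appended after the two `github.com/TeaOSLab/EdgeNode/...` imports, which mixes a standard-library package into the project group. goimports would place it first in its own group, separated from the project imports by a blank line.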
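Review bot: In `init()` in firewall.go, the rewritten condition logs only when a real firewall is found, so a node that falls back to the `mock` firewall now starts without any log line about it. If `mock` is a no-op implementation (it is not visible in this diff), operators lose the only startup signal that block requests are not enforced at the host level. A neutral message in an `else` branch would keep that visibility without the firewalld-specific wording, e.g. `remotelogs.Println("FIREWALL", "no local firewall found, host-level blocking is disabled")`. The body of `init()` closes outside the hunk.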
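Review bot: `firewalld.isReady = true` in `NewFirewalld()` is still set as soon as the probe command succeeds, and the new TODO only records that the daemon may not actually be running. In that state `Firewall()` would select firewalld and log it as found, while later rule changes presumably fail, so blocks would silently not apply. Since the comment already names the check, it could run once at construction by guarding the two lines with `if exec.Command(path, "--state").Run() == nil { ... }` (assuming `os/exec` is what builds `cmd` above the hunk), leaving only the periodic re-check as a TODO. In the comment, "every minutes" should read "every minute". The function starts and ends outside the hunk.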