diff --git a/vps-audit.sh b/vps-audit.sh
index f32d4e4..7099cef 100755
--- a/vps-audit.sh
+++ b/vps-audit.sh
@@ -135,12 +135,62 @@ else
     check_security "SSH Port" "PASS" "Using non-default port $SSH_PORT which helps prevent automated attacks"
 fi
 
-# Check UFW status
-if ufw status | grep -q "active"; then
-    check_security "Firewall Status" "PASS" "UFW firewall is active and protecting your system"
-else
-    check_security "Firewall Status" "FAIL" "UFW firewall is not active - your system is exposed to network attacks"
-fi
+# Check Firewall Status
+check_firewall_status() {
+    if command -v ufw >/dev/null 2>&1; then
+        if ufw status | grep -q "active"; then
+            check_security "Firewall Status (UFW)" "PASS" "UFW firewall is active and protecting your system"
+        else
+            check_security "Firewall Status (UFW)" "FAIL" "UFW firewall is not active - your system is exposed to network attacks"
+        fi
+    elif command -v firewall-cmd >/dev/null 2>&1; then
+        if firewall-cmd --state 2>/dev/null | grep -q "running"; then
+            check_security "Firewall Status (firewalld)" "PASS" "Firewalld is active and protecting your system"
+        else
+            check_security "Firewall Status (firewalld)" "FAIL" "Firewalld is not active - your system is exposed to network attacks"
+        fi
+    elif command -v iptables >/dev/null 2>&1; then
+        if iptables -L | grep -q "Chain INPUT"; then
+            check_security "Firewall Status (iptables)" "PASS" "iptables rules are active and protecting your system"
+        else
+            check_security "Firewall Status (iptables)" "FAIL" "No active iptables rules found - your system may be exposed"
+        fi
+    elif command -v nft >/dev/null 2>&1; then
+        if nft list ruleset | grep -q "table"; then
+            check_security "Firewall Status (nftables)" "PASS" "nftables rules are active and protecting your system"
+        else
+            check_security "Firewall Status (nftables)" "FAIL" "No active nftables rules found - your system may be exposed"
+        fi
+    else
+        check_security "Firewall Status" "FAIL" "No recognized firewall tool is installed on this system"
+    fi
+}
+
+# Function to check and report with three states
+check_security() {
+    local test_name="$1"
+    local status="$2"
+    local message="$3"
+    
+    case $status in
+        "PASS")
+            echo -e "${GREEN}[PASS]${NC} $test_name ${GRAY}- $message${NC}"
+            echo "[PASS] $test_name - $message" >> "$REPORT_FILE"
+            ;;
+        "WARN")
+            echo -e "${YELLOW}[WARN]${NC} $test_name ${GRAY}- $message${NC}"
+            echo "[WARN] $test_name - $message" >> "$REPORT_FILE"
+            ;;
+        "FAIL")
+            echo -e "${RED}[FAIL]${NC} $test_name ${GRAY}- $message${NC}"
+            echo "[FAIL] $test_name - $message" >> "$REPORT_FILE"
+            ;;
+    esac
+    echo "" >> "$REPORT_FILE"
+}
+
+# Firewall check
+check_firewall_status
 
 # Check for unattended upgrades
 if dpkg -l | grep -q "unattended-upgrades"; then
@@ -307,4 +357,4 @@ echo -e "Review $REPORT_FILE for detailed recommendations."
 # Add summary to report
 echo "================================" >> "$REPORT_FILE"
 echo "End of VPS Audit Report" >> "$REPORT_FILE"
-echo "Please review all failed checks and implement the recommended fixes." >> "$REPORT_FILE"
\ No newline at end of file
+echo "Please review all failed checks and implement the recommended fixes." >> "$REPORT_FILE"