Under CentOS7.X:
1. Firewall
View firewall status:
[root@localhost sunan]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
In the Active line, inactive (dead) means the firewall is stopped and active (running) means it is running.
Stop the firewall:
[root@localhost sunan]# systemctl stop firewalld.service
Start the firewall:
[root@localhost sunan]# systemctl start firewalld.service
Disable the firewall permanently (it does not start automatically at boot):
[root@localhost sunan]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Enable the firewall permanently (it starts at boot):
[root@localhost sunan]# systemctl enable firewalld.service
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
Under CentOS6.X:
1. Firewall
View firewall status:
[root@localhost ~]# service iptables status
Stop the firewall:
[root@localhost ~]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
Start the firewall:
[root@localhost ~]# service iptables start
iptables: Applying firewall rules: [ OK ]
Disable the firewall permanently (it does not start automatically at boot):
[root@localhost ~]# chkconfig iptables off
Enable the firewall permanently (it starts at boot):
[root@localhost ~]# chkconfig iptables on
2. SELinux (the same on CentOS7.X and CentOS6.X)
View the SELinux status:
[root@localhost sunan]# getenforce
Enforcing
SELinux has three modes:
enforcing: SELinux is running and is actively restricting domain/type access.
permissive: SELinux is running, but it only logs warnings and does not actually restrict domain/type access. This mode can be used to debug SELinux.
disabled: SELinux is turned off and is not actually running.
Set the SELinux mode with a command (this cannot set the state to disabled):
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
Permissive
Where setenforce 0|1
0: set to permissive mode;
1: set to enforcing mode;
This setting does not persist: it is lost after a system restart.
Modify the configuration file and set SELinux to disabled:
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
Save and restart the system.
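Because setenforce changes only the running mode and /etc/selinux/config decides the mode after a restart, the two can disagree. The following script is an added example, not part of the original page: it compares a runtime mode (as printed by getenforce) with the SELINUX= value in a config file. The function names and the "live"/"demo" arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: detect a mismatch between the running SELinux mode
# and the boot-time mode configured in /etc/selinux/config.

# Print the SELINUX= value from config file $1, lower-cased.
# Comment lines and the SELINUXTYPE= line do not match the pattern.
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# $1 = runtime mode (getenforce output), $2 = config file.
# Prints one line; returns 0 when both agree, 1 when they differ.
selinux_drift() {
    runtime=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    boot=$(selinux_config_mode "$2")
    if [ "$runtime" = "$boot" ]; then
        echo "consistent: $runtime now and after reboot"
        return 0
    fi
    echo "drift: $runtime now, $boot after reboot"
    return 1
}

case "${1:-}" in
    live)   # check the real system (needs getenforce)
        selinux_drift "$(getenforce)" /etc/selinux/config
        ;;
    demo)   # constructed sample: setenforce 0 was run, config still enforcing
        sample=$(mktemp)
        printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$sample"
        selinux_drift Permissive "$sample"
        rm -f "$sample"
        ;;
esac
```

Run it with the argument live on a CentOS host, or demo to see the output for the constructed sample.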