diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh
index b36991e..cf36c99 100644
--- a/bootstrap.d/21-firewall.sh
+++ b/bootstrap.d/21-firewall.sh
@@ -35,10 +35,10 @@ if [ "$ENABLE_IPTABLES" = true ] ; then
     chroot_exec systemctl daemon-reload
     chroot_exec systemctl enable ip6tables.service
   fi
-fi
-
-if [ "$ENABLE_SSHD" = false ] ; then
- # Remove SSHD related iptables rules
- sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
- sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
+  
+  if [ "$ENABLE_SSHD" = false ] ; then
+   # Remove SSHD related iptables rules
+   sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
+   sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
+  fi
 fi