diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh
index b36991e..cf36c99 100644
--- a/bootstrap.d/21-firewall.sh
+++ b/bootstrap.d/21-firewall.sh
@@ -35,10 +35,10 @@ if [ "$ENABLE_IPTABLES" = true ] ; then
     chroot_exec systemctl daemon-reload
     chroot_exec systemctl enable ip6tables.service
   fi
-fi
-
-if [ "$ENABLE_SSHD" = false ] ; then
- # Remove SSHD related iptables rules
- sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
- sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
+  
+  if [ "$ENABLE_SSHD" = false ] ; then
+   # Remove SSHD related iptables rules
+   sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
+   sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
+  fi
 fi
diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh
index 0bb6354..7a0adb3 100755
--- a/rpi23-gen-image.sh
+++ b/rpi23-gen-image.sh
@@ -466,6 +466,10 @@ if [ "$ENABLE_REDUCE" = true ] ; then
   fi
 fi
 
+if [ "$RELEASE" != "jessie" ] ; then
+  APT_INCLUDES="${APT_INCLUDES},libnss-systemd"
+fi
+
 # Configure kernel sources if no KERNELSRC_DIR
 if [ "$BUILD_KERNEL" = true ] && [ -z "$KERNELSRC_DIR" ] ; then
   KERNELSRC_CONFIG=true
@@ -552,8 +556,8 @@ ROOT_OFFSET=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS})
 
 # The root partition is EXT4
 # This means more space than the actual used space of the chroot is used.
-# As overhead for journaling and reserved blocks 25% are added.
-ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 25) \* 1024 \/ 512)
+# As overhead for journaling and reserved blocks 35% are added.
+ROOT_SECTORS=$(expr $(expr ${CHROOT_SIZE} + ${CHROOT_SIZE} \/ 100 \* 35) \* 1024 \/ 512)
 
 # Calculate required image size in 512 Byte sectors
 IMAGE_SECTORS=$(expr ${TABLE_SECTORS} + ${FRMW_SECTORS} + ${ROOT_SECTORS})