diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh index cc36bcd..f7a4037 100644 --- a/bootstrap.d/13-kernel.sh +++ b/bootstrap.d/13-kernel.sh @@ -8,6 +8,7 @@ # Need to use kali kernel src if nexmon is enabled if [ "$ENABLE_NEXMON" = true ] ; then KERNEL_URL="${KALI_KERNEL_URL}" + # Clear Branch and KernelSRC_DIR if using nexmon. Everyone will forget to clone kali kernel instead of nomrla kernel KERNEL_BRANCH="" KERNELSRC_DIR="" fi @@ -93,7 +94,7 @@ if [ "$BUILD_KERNEL" = true ] ; then if [ "$KERNELSRC_CONFIG" = true ] ; then # Load default raspberry kernel configuration make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" "${KERNEL_DEFCONFIG}" - + #Switch to KERNELSRC_DIR so we can use set_kernel_config cd "${KERNEL_DIR}" || exit @@ -345,7 +346,6 @@ if [ "$BUILD_KERNEL" = true ] ; then unset_kernel_config CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE fi - #Revert to previous directory cd "${WORKDIR}" || exit @@ -435,11 +435,6 @@ if [ "$BUILD_KERNEL" = true ] ; then if [ "$KERNEL_HEADERS" = true ] && [ "$KERNEL_REDUCE" = false ] ; then make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" INSTALL_HDR_PATH=../.. headers_install fi -# make tar.gz kernel package - missing os bzw. modules -#** ** ** WARNING ** ** ** -#Your architecture did not define any architecture-dependent files -#to be placed into the tarball. Please add those to ./scripts/package/buildtar . -# make -C "${KERNEL_DIR}" ARCH="${KERNEL_ARCH}" CROSS_COMPILE="${CROSS_COMPILE}" CC="${cc}" targz-pkg # Prepare boot (firmware) directory mkdir "${BOOT_DIR}" @@ -506,8 +501,6 @@ if [ "$BUILD_KERNEL" = true ] ; then fi else # BUILD_KERNEL=false - # echo Install precompiled kernel... - # echo error: not implemented if [ "$SET_ARCH" = 64 ] && { [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ; } ; then # Use Sakakis modified kernel if ZSWAP is active diff --git a/bootstrap.d/15-rpi-config.sh b/bootstrap.d/15-rpi-config.sh index 8a5e00f..5130927 100644 
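Review bot: The comment added above `KERNEL_BRANCH=""` in the first 13-kernel.sh hunk misspells "normal" as "nomrla" and gives only a guess about user behaviour as the reason for the override. The two assignments silently discard a user-supplied KERNEL_BRANCH and KERNELSRC_DIR whenever ENABLE_NEXMON is true, so the comment should state that effect, for example `# nexmon needs the Kali kernel tree: drop any user-set KERNEL_BRANCH/KERNELSRC_DIR so the source comes from KALI_KERNEL_URL`. That the kernel is then fetched from KERNEL_URL is inferred from the variable names; the fetch itself is outside the hunk.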
--- a/bootstrap.d/15-rpi-config.sh
+++ b/bootstrap.d/15-rpi-config.sh
@@ -5,40 +5,38 @@ # Load utility functions . ./functions.sh -#if [ "$BUILD_KERNEL" = true ] ; then - if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then - # Install boot binaries from local directory - cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin - cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat - cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat - cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat - cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf - cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf - cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf - else - # Create temporary directory for boot binaries - temp_dir=$(as_nobody mktemp -d) +if [ -n "$RPI_FIRMWARE_DIR" ] && [ -d "$RPI_FIRMWARE_DIR" ] ; then + # Install boot binaries from local directory + cp "${RPI_FIRMWARE_DIR}"/boot/bootcode.bin "${BOOT_DIR}"/bootcode.bin + cp "${RPI_FIRMWARE_DIR}"/boot/fixup.dat "${BOOT_DIR}"/fixup.dat + cp "${RPI_FIRMWARE_DIR}"/boot/fixup_cd.dat "${BOOT_DIR}"/fixup_cd.dat + cp "${RPI_FIRMWARE_DIR}"/boot/fixup_x.dat "${BOOT_DIR}"/fixup_x.dat + cp "${RPI_FIRMWARE_DIR}"/boot/start.elf "${BOOT_DIR}"/start.elf + cp "${RPI_FIRMWARE_DIR}"/boot/start_cd.elf "${BOOT_DIR}"/start_cd.elf + cp "${RPI_FIRMWARE_DIR}"/boot/start_x.elf "${BOOT_DIR}"/start_x.elf +else + # Create temporary directory for boot binaries + temp_dir=$(as_nobody mktemp -d) - # Install latest boot binaries from raspberry/firmware github - as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" - as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" - as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" - as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" - as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf" - as_nobody wget -q -O "${temp_dir}/start_cd.elf" 
"${FIRMWARE_URL}/start_cd.elf" - as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" + # Install latest boot binaries from raspberry/firmware github + as_nobody wget -q -O "${temp_dir}/bootcode.bin" "${FIRMWARE_URL}/bootcode.bin" + as_nobody wget -q -O "${temp_dir}/fixup.dat" "${FIRMWARE_URL}/fixup.dat" + as_nobody wget -q -O "${temp_dir}/fixup_cd.dat" "${FIRMWARE_URL}/fixup_cd.dat" + as_nobody wget -q -O "${temp_dir}/fixup_x.dat" "${FIRMWARE_URL}/fixup_x.dat" + as_nobody wget -q -O "${temp_dir}/start.elf" "${FIRMWARE_URL}/start.elf" + as_nobody wget -q -O "${temp_dir}/start_cd.elf" "${FIRMWARE_URL}/start_cd.elf" + as_nobody wget -q -O "${temp_dir}/start_x.elf" "${FIRMWARE_URL}/start_x.elf" - # Move downloaded boot binaries - mv "${temp_dir}/"* "${BOOT_DIR}/" + # Move downloaded boot binaries + mv "${temp_dir}/"* "${BOOT_DIR}/" - # Remove temporary directory for boot binaries - rm -fr "${temp_dir}" + # Remove temporary directory for boot binaries + rm -fr "${temp_dir}" - # Set permissions of the boot binaries - chown -R root:root "${BOOT_DIR}" - chmod -R 600 "${BOOT_DIR}" - fi -#fi + # Set permissions of the boot binaries + chown -R root:root "${BOOT_DIR}" + chmod -R 600 "${BOOT_DIR}" +fi # Setup firmware boot cmdline if [ "$ENABLE_UBOOTUSB" = true ] ; then @@ -164,7 +162,7 @@ if [ "$ENABLE_CONSOLE" = true ] ; then CMDLINE="${CMDLINE} console=serial0,115200" # Enable serial console systemd style - chroot_exec systemctl enable serial-getty@serial0.service + chroot_exec systemctl enable serial-getty\@serial0.service else echo "enable_uart=0" >> "${BOOT_DIR}/config.txt" fi diff --git a/bootstrap.d/21-firewall.sh b/bootstrap.d/21-firewall.sh index 1688be9..d198eb5 100644 --- a/bootstrap.d/21-firewall.sh +++ b/bootstrap.d/21-firewall.sh 
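Review bot: The re-indented download branch still fetches seven boot binaries with `wget -q` and moves them into `${BOOT_DIR}` without checking any exit status or verifying what arrived. A failed or truncated transfer leaves an empty or partial `bootcode.bin` or `start.elf` in the temp directory, which is then installed as root-owned firmware, and nothing in the hunk ties the files to a known release. Whether FIRMWARE_URL is pinned to a fixed revision is not visible here. I would loop over the file names, stop on the first failed or empty download, and check the result against a checksum list shipped with the build (the list variable in the sketch below is a placeholder, not an existing setting). Separately, the `chown`/`chmod` normalisation runs only in this branch, so files copied from RPI_FIRMWARE_DIR keep whatever mode `cp` gives them.

```shell
  # … unchanged: temp_dir=$(as_nobody mktemp -d) …
  for fw_file in bootcode.bin fixup.dat fixup_cd.dat fixup_x.dat start.elf start_cd.elf start_x.elf ; do
    as_nobody wget -q -O "${temp_dir}/${fw_file}" "${FIRMWARE_URL}/${fw_file}" || exit 1
    # wget -O creates the output file even when the transfer fails
    [ -s "${temp_dir}/${fw_file}" ] || exit 1
  done

  # FIRMWARE_SHA256SUMS: placeholder for a checksum list kept in the build tree
  ( cd "${temp_dir}" && sha256sum -c "${FIRMWARE_SHA256SUMS}" ) || exit 1
  # … unchanged: mv, rm -fr, chown, chmod …
```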
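Review bot: The backslash added in `serial-getty\@serial0.service` is removed by the shell before `chroot_exec` receives its arguments, so the new line passes exactly the same string as the old one. If the aim is to protect the `@` from a later re-evaluation inside `chroot_exec` (its definition is not visible here) or to quiet a linter, quoting the unit name states that more clearly: `chroot_exec systemctl enable "serial-getty@serial0.service"`. The enclosing `if [ "$ENABLE_CONSOLE" = true ]` block starts outside the hunk.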
@@ -9,9 +9,10 @@ if [ "$ENABLE_IPTABLES" = true ] ; then # Create iptables configuration directory mkdir -p "${ETC_DIR}/iptables" - # make sure iptables-legacy is the used alternatives - #iptables-save and -restore are slaves of iptables and thus are set accordingly - chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy + if [ "$KERNEL_NF" = false ] ; then + # iptables-save and -restore are slaves of iptables and thus are set accordingly + chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy + fi # Install iptables systemd service install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service" @@ -27,9 +28,10 @@ if [ "$ENABLE_IPTABLES" = true ] ; then chroot_exec systemctl enable iptables.service if [ "$ENABLE_IPV6" = true ] ; then - # make sure ip6tables-legacy is the used alternatives - chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy - + if [ "$KERNEL_NF" = false ] ; then + # iptables-save and -restore are slaves of iptables and thus are set accordingly + chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy + fi # Install ip6tables systemd service install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" diff --git a/files/firstboot/23-regenerate-initramfs.sh b/files/firstboot/23-regenerate-initramfs.sh index 78e2922..1c4f03c 100644 --- a/files/firstboot/23-regenerate-initramfs.sh +++ b/files/firstboot/23-regenerate-initramfs.sh @@ -8,6 +8,7 @@ INITRAMFS_UBOOT="${INITRAMFS}.uboot" # Extract kernel arch case "${KERNEL_ARCH}" in arm*) KERNEL_ARCH=arm ;; + aarch64) KERNEL_ARCH=arm64 ;; esac # Regenerate initramfs diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh index cac3e80..b9be4c8 100755 --- a/rpi23-gen-image.sh +++ b/rpi23-gen-image.sh 
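Review bot: With `KERNEL_NF` set to true, neither 21-firewall.sh hunk selects an iptables backend; the legacy pin is skipped and the image uses whatever alternative the distribution installs by default. If that default does not match the netfilter support built into the kernel, `iptables.service` may fail to load its rules at boot and leave the system unfiltered, so an `else` branch should set the backend explicitly, e.g. `chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-nft` (and `ip6tables-nft` in the IPv6 hunk). The test `[ "$KERNEL_NF" = false ]` also skips the pin for any value other than the literal `false`, including an empty or misspelled one. In the second hunk the copied comment should read `# ip6tables-save and -restore are slaves of ip6tables and thus are set accordingly`.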
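Review bot: The new `aarch64)` arm in 23-regenerate-initramfs.sh sits after `arm*)`, so a value of `arm64` still matches the first pattern and is rewritten to `arm`. Where KERNEL_ARCH is assigned is outside the hunk; if it can ever already hold `arm64` (for instance when carried over from the build configuration rather than read from the running system), the arms should be ordered `aarch64|arm64) KERNEL_ARCH=arm64 ;;` and then `arm*) KERNEL_ARCH=arm ;;`. A short comment above the `case` naming the expected input values would make the intended mapping checkable.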
@@ -186,6 +186,7 @@ KERNEL_VIRT=${KERNEL_VIRT:=false} KERNEL_BPF=${KERNEL_BPF:=false} KERNEL_DEFAULT_GOV=${KERNEL_DEFAULT_GOV:=powersave} KERNEL_SECURITY=${KERNEL_SECURITY:=false} +KERNEL_NF=${KERNEL_NF:=false} # Kernel compilation from source directory settings KERNELSRC_DIR=${KERNELSRC_DIR:=""} @@ -221,7 +222,7 @@ CHROOT_SCRIPTS=${CHROOT_SCRIPTS:=""} APT_INCLUDES=${APT_INCLUDES:=""} APT_INCLUDES="${APT_INCLUDES},apt-transport-https,apt-utils,ca-certificates,debian-archive-keyring,dialog,sudo,systemd,sysvinit-utils,locales,keyboard-configuration,console-setup,libnss-systemd" -#Packages to exclude from chroot build environment +# Packages to exclude from chroot build environment APT_EXCLUDES=${APT_EXCLUDES:=""} # Packages required for bootstrapping
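Review bot: `KERNEL_NF` is added to the kernel settings without a comment, although it changes firewall behaviour elsewhere in this commit: 21-firewall.sh pins `iptables-legacy` only when it is `false`. A one-line comment above the assignment would make that coupling visible, e.g. `# nf_tables kernel support; when false, ENABLE_IPTABLES pins the iptables-legacy alternative`. That the option also enables nf_tables in the kernel configuration is inferred from its name, since no 13-kernel.sh hunk on this page reads it.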