diff --git a/README.md b/README.md
index 1ea7d06..78334c1 100644
--- a/README.md
+++ b/README.md
@@ -330,7 +330,7 @@ With this parameter set to true the script expects the existing kernel sources d
 The directory (`firmware`) containing a local copy of the firmware from the [RaspberryPi firmware project](https://github.com/raspberrypi/firmware). Default is to download the latest firmware directly from the project.
 ##### `KERNEL_NF`=false
-Enable Netfilter modules as kernel modules (systemd compilations about it (File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls)
+Enable Netfilter modules as kernel modules
 ##### `KERNEL_VIRT`=false
 Enable Kernel KVM support (/dev/kvm)
@@ -338,8 +338,8 @@ Enable Kernel KVM support (/dev/kvm)
 ##### `KERNEL_ZSWAP`=false
 Enable Kernel Zswap support. Best use on high RAM load and mediocre CPU load usecases
-
-
+##### `KERNEL_BPF`=true
+Allow attaching eBPF programs to a cgroup using the bpf syscall (CONFIG_BPF_SYSCALL CONFIG_CGROUP_BPF) [systemd compilations about it - File /lib/systemd/system/systemd-journald.server:36 configures an IP firewall (IPAddressDeny=all), but the local system does not support BPF/cgroup based firewalls]
 ---
diff --git a/bootstrap.d/13-kernel.sh b/bootstrap.d/13-kernel.sh
index ac71407..76fc2f5 100644
--- a/bootstrap.d/13-kernel.sh
+++ b/bootstrap.d/13-kernel.sh
@@ -111,10 +111,9 @@ if [ "$BUILD_KERNEL" = true ] ; then
 set_kernel_config VHOST_NET m
 set_kernel_config VHOST_CROSS_ENDIAN_LEGACY y
 fi
-
+ #See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
+ # Netfilter kernel support
 if [ "$KERNEL_NF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
- #See https://github.com/raspberrypi/linux/issues/2177#issuecomment-354647406
- # Netfilter kernel support
 # xtables
 set_kernel_config NETFILTER_XTABLES m
 # Netfilter nf_tables support
@@ -213,6 +212,14 @@ if [ "$BUILD_KERNEL" = true ] ; then
 set_kernel_config CONFIG_BRIDGE_EBT_T_FILTER m
 fi
+ #https://groups.google.com/forum/#!topic/linux.gentoo.user/_2aSc_ztGpA
+ #https://github.com/torvalds/linux/blob/master/init/Kconfig#L848
+ # Enables BPF syscall for systemd-journald
+ if [ "$KERNEL_BPF" = true ] && ( [ "$RPI_MODEL" = 3 ] || [ "$RPI_MODEL" = 3P ] ) ; then
+ set_kernel_config CONFIG_BPF_SYSCALL y
+ set_kernel_config CONFIG_CGROUP_BPF y
+ fi
+
 popd
 if [ "$KERNELSRC_CONFIG" = true ] ; then
diff --git a/rpi23-gen-image.sh b/rpi23-gen-image.sh
index febca07..1e64f08 100755
--- a/rpi23-gen-image.sh
+++ b/rpi23-gen-image.sh
@@ -172,8 +172,9 @@ KERNEL_MENUCONFIG=${KERNEL_MENUCONFIG:=false}
 KERNEL_REMOVESRC=${KERNEL_REMOVESRC:=true}
 KERNEL_OLDDEFCONFIG=${KERNEL_OLDDEFCONFIG:=false}
 KERNEL_CCACHE=${KERNEL_CCACHE:=false}
-KERNEL_ZSWAP=${KERNEL_ZSWAP:=true}
-KERNEL_VIRT=${KERNEL_VIRT:=true}
+KERNEL_ZSWAP=${KERNEL_ZSWAP:=false}
+KERNEL_VIRT=${KERNEL_VIRT:=false}
+KERNEL_BPF${KERNEL_BPF:=true}
 # Kernel compilation from source directory settings
 KERNELSRC_DIR=${KERNELSRC_DIR:=""}
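Review bot: The new `KERNEL_BPF` block in bootstrap.d/13-kernel.sh compiles the `bpf()` syscall into every model 3/3P image by default, yet its comment only says it is "for systemd-journald" and does not mention the wider kernel attack surface. I would extend the comment to something like `# Needed for systemd IPAddressDeny=/IPAddressAllow= (cgroup BPF); widens kernel attack surface, set KERNEL_BPF=false if unused`, and consider setting the `kernel.unprivileged_bpf_disabled=1` sysctl in the generated image so only privileged processes can load programs. The two added calls pass `CONFIG_BPF_SYSCALL` and `CONFIG_CGROUP_BPF` with the `CONFIG_` prefix, while other calls visible in this diff pass bare names (`VHOST_NET`, `NETFILTER_XTABLES`). `set_kernel_config` is defined outside the diff, so if it adds the prefix itself these options would silently stay unset; checking the resulting `.config` would confirm. The enclosing `if [ "$BUILD_KERNEL" = true ]` block starts and ends outside the hunk, and the `blob/master/init/Kconfig#L848` link will drift, so a commit-pinned permalink would be more durable.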
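Review bot: The added line `KERNEL_BPF${KERNEL_BPF:=true}` in rpi23-gen-image.sh is missing its `=`, so it is not an assignment: the shell expands it to the single word `KERNEL_BPFtrue` and tries to run that as a command. The `:=` expansion still assigns the default as a side effect, which hides the mistake, but the line fails with "command not found" (status 127) and would abort the run if the script uses `set -e`, which is not visible in this hunk. It should match its neighbours: `KERNEL_BPF=${KERNEL_BPF:=true}`. Since this same hunk turns `KERNEL_ZSWAP` and `KERNEL_VIRT` off by default, it is also worth stating in the commit why the BPF option alone is on by default.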