diff --git a/firewall/firewall-add b/firewall/firewall-add
index c6e4458..0b5df6a 100755
--- a/firewall/firewall-add
+++ b/firewall/firewall-add
@@ -407,7 +407,7 @@ for source_ip_index in $(seq 1 $COUNT_SOURCE_IP); do
 if [[ "$PREROUTING" == "true" ]] || [[ "$POSTROUTING" == "true" ]] || [[ "$HOST" == "true" ]]; then
 if [ "$HOST" == "true" ]; then
- IPTABLES="/sbin/iptables -t nat"
+ IPTABLES="/usr/sbin/iptables -t nat"
 debug "iptables: "$IPTABLES
 else
 IPTABLES="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- /sbin/iptables-legacy -t nat"
diff --git a/network-go/implementation.md b/network-go/implementation.md
index ba4988e..7fde054 100644
--- a/network-go/implementation.md
+++ b/network-go/implementation.md
@@ -173,7 +173,7 @@ pid, _ := dockerClient.GetContainerPID(ctx, containerName)
 // 2. Execute iptables inside container namespace via nsenter
 exec.Command("nsenter", "-t", fmt.Sprintf("%d", pid), "-n", "--",
- "/sbin/iptables-legacy", "-t", "nat", "-I", "PREROUTING", ...)
+ "/usr/sbin/iptables-legacy", "-t", "nat", "-I", "PREROUTING", ...)
 ```
 - `-t ` — target the container's PID
diff --git a/network-go/iptables/iptables.go b/network-go/iptables/iptables.go
index 321af58..f3ffe26 100644
--- a/network-go/iptables/iptables.go
+++ b/network-go/iptables/iptables.go
@@ -69,9 +69,9 @@ func (m *Manager) run(args ...string) error {
 // runInContainer executes an iptables command inside a container's network namespace via nsenter
 func (m *Manager) runInContainer(pid int, table string, args ...string) error {
- iptPath := "/sbin/iptables-legacy"
+ iptPath := "/usr/sbin/iptables-legacy"
 if !strings.Contains(m.binary, "legacy") {
- iptPath = "/sbin/iptables"
+ iptPath = "/usr/sbin/iptables"
 }
 fullArgs := []string{"-t", fmt.Sprintf("%d", pid), "-n", "--", iptPath}
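Review bot: The host branch now runs `/usr/sbin/iptables`, but the `else` branch three lines below still hands `/sbin/iptables-legacy` to nsenter, and because nsenter is invoked with only `-n` that binary is resolved on the host filesystem as well, so it is subject to exactly the path question that motivated this change; the two branches should agree, e.g. `IPTABLES="nsenter -t $(docker inspect --format {{.State.Pid}} $NAME) -n -- /usr/sbin/iptables-legacy -t nat"`. Pinning an absolute path for a privileged helper is preferable to a bare name looked up through PATH, but the same literal now lives in this script and in network-go/iptables/iptables.go, so a single configured value would keep them from drifting apart. The enclosing if/else continues outside the hunk.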
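Review bot: The new distro path is hard-coded twice on the new side, here in runInContainer and identically in deleteMatchingLinesInContainer in the following hunk, even though `m.binary` already encodes which flavour is in use; a single helper would keep the two call sites from drifting and give one place to adapt when the host layout differs (unmerged `/sbin` vs `/usr/sbin`). Since nsenter is passed only `-n`, the path names a binary on the host, not inside the container, which deserves a comment because readers will assume the opposite. If `m.binary` already holds an absolute path, `iptPath := m.binary` would remove the duplication outright; how it is populated is not visible in the hunk. runInContainer's body continues past the hunk.
```go
// containerIPTablesPath returns the iptables binary handed to nsenter.
// nsenter is run with -n only (network namespace), so this path is
// resolved on the host filesystem, not inside the container.
func (m *Manager) containerIPTablesPath() string {
	if strings.Contains(m.binary, "legacy") {
		return "/usr/sbin/iptables-legacy"
	}
	return "/usr/sbin/iptables"
}

func (m *Manager) runInContainer(pid int, table string, args ...string) error {
	iptPath := m.containerIPTablesPath()
	// … unchanged: nsenter argument assembly …
```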
@@ -177,9 +177,9 @@ func (m *Manager) deleteMatchingLines(chain, table string, grepPatterns ...strin
 // deleteMatchingLinesInContainer deletes matching lines inside a container namespace
 func (m *Manager) deleteMatchingLinesInContainer(pid int, table, chain string, grepPatterns ...string) error {
- iptPath := "/sbin/iptables-legacy"
+ iptPath := "/usr/sbin/iptables-legacy"
 if !strings.Contains(m.binary, "legacy") {
- iptPath = "/sbin/iptables"
+ iptPath = "/usr/sbin/iptables"
 }
 nsenterArgs := []string{"-t", fmt.Sprintf("%d", pid), "-n", "--", iptPath, "-w", "--line-number", "-n", "-t", table, "-L", chain}