diff --git a/modules/netns.nix b/modules/netns.nix
index 96493974..b2f3f587 100644
--- a/modules/netns.nix
+++ b/modules/netns.nix
@@ -28,7 +28,7 @@ let
   mkNetNsConfig = name: opts: with opts; {
     systemd.services."netns-${name}" = let
       ip = lib.getExe' pkgs.iproute2 "ip";
-      iptables = lib.getExe pkgs.iptables;
+      iptables = lib.getExe' pkgs.iptables "iptables";
       in-ns = "${ip} netns exec ${name}";
       bridgePort = port: proto: ''
         ${in-ns} ${iptables} -A PREROUTING -t nat -p ${proto} --dport ${port} -m iprange --dst-range ${netnsPubIpv4} \