diff --git a/internal/blocker/nftables.go b/internal/blocker/nftables.go
index 937633a..ff8c733 100644
--- a/internal/blocker/nftables.go
+++ b/internal/blocker/nftables.go
@@ -113,6 +113,7 @@ func (n *Nftables) Setup(config string) error {
 	}
 }
 `
+	// #nosec G204 - config is managed by adminstartor
 	cmd := exec.Command("tee", config)
 	stdin, err := cmd.StdinPipe()
 	if err != nil {
@@ -135,7 +136,7 @@ func (n *Nftables) Setup(config string) error {
 	if err = cmd.Wait(); err != nil {
 		return fmt.Errorf("failed to save config: %w", err)
 	}
-
+	// #nosec G204 - config is managed by adminstartor
 	cmd = exec.Command("nft", "-f", config)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
diff --git a/internal/blocker/ufw.go b/internal/blocker/ufw.go
index a8739fc..2def949 100644
--- a/internal/blocker/ufw.go
+++ b/internal/blocker/ufw.go
@@ -23,7 +23,7 @@ func (u *Ufw) Ban(ip string) error {
 	if err != nil {
 		return err
 	}
-
+	// #nosec G204 - ip is validated
 	cmd := exec.Command("ufw", "--force", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -42,7 +42,7 @@ func (u *Ufw) Unban(ip string) error {
 	if err != nil {
 		return err
 	}
-
+	// #nosec G204 - ip is validated
 	cmd := exec.Command("ufw", "--force", "delete", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {