diff --git a/internal/blocker/firewalld.go b/internal/blocker/firewalld.go
index 30a21d4..f9a799c 100644
--- a/internal/blocker/firewalld.go
+++ b/internal/blocker/firewalld.go
@@ -45,6 +45,7 @@ func (f *Firewalld) Unban(ip string) error {
 if err != nil {
 return err
 }
+ // #nosec G204 - ip is validated
 cmd := exec.Command("firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
 output, err := cmd.CombinedOutput()
 if err != nil {
diff --git a/internal/blocker/nftables.go b/internal/blocker/nftables.go
index da7ee44..937633a 100644
--- a/internal/blocker/nftables.go
+++ b/internal/blocker/nftables.go
@@ -26,7 +26,7 @@ func (n *Nftables) Ban(ip string) error {
 if err != nil {
 return err
 }
-
+ // #nosec G204 - ip is validated
 cmd := exec.Command("nft", "add", "rule", "inet", "banforge", "banned", "ip", "saddr", ip, "drop")
 output, err := cmd.CombinedOutput()
 
@@ -253,7 +253,7 @@ func saveNftablesConfig(configPath string) error {
 if err != nil {
 return fmt.Errorf("failed to get nftables ruleset: %w", err)
 }
-
+ // #nosec G204 - managed by system adminstartor
 cmd = exec.Command("tee", configPath)
 stdin, err := cmd.StdinPipe()
 if err != nil {
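Review bot: The justification `ip is validated` on the added `#nosec G204` line does not say which check it relies on, and that check sits above the hunk (only its `if err != nil { return err }` tail is visible), so a later change to the validator would silently invalidate the suppression. I would name it in the comment, e.g. `// #nosec G204 -- ip parsed by <VALIDATOR_NAME> above; only a literal address reaches exec.Command` (placeholder, the validator's name is not shown here). gosec's documented form puts the justification after `--`, which as far as I know is what lets it be recorded when suppressions are tracked. The same comment is added in `Ban` in internal/blocker/nftables.go and needs the same change. Unban's body continues outside the hunk.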
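Review bot: For the `nft` call the suppression carries more weight than for `firewall-cmd`, because nft joins its arguments back into one command string and parses it with its own grammar, so passing `ip` as a separate argv element does not by itself keep it a single token. The comment should state that the validator accepts nothing but a literal address (no whitespace, braces or separators), e.g. `// #nosec G204 -- ip is a parsed literal address; nft re-parses argv, so this check is the only guard`. The rule also uses `ip saddr`, which matches IPv4 only; if the validator admits IPv6 addresses this call would presumably fail, which is worth confirming. Ban's body starts and ends outside the hunk.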
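Review bot: `managed by system adminstartor` (typo for `administrator`) justifies the suppression by a trust assumption that nothing in this hunk enforces: `configPath` is handed to `tee`, which will write to whatever path it receives. If the path comes from a config file, the comment should say which one and who may write it, e.g. `// #nosec G204 -- configPath comes from <CONFIG_SOURCE>, writable by root only` (placeholder). Writing the ruleset with `os.WriteFile` instead of piping into `tee` would remove the subprocess and the suppression altogether, unless `tee` is there for a reason not visible here. saveNftablesConfig continues outside the hunk.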